Re: Directory Permissions - What gives?
- From: Dragos CAMARA <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 Jul 2007 10:54:04 -0700
i can agree that authenticated users can be a best practices, but you make
again a VERY BAD MISTAKE : guest account isn't member of authenticated users
group :)(you have to read and learn more)
The Everyone group often contains the same set of users as the Users and
Authenticated Users groups. However, if you've enabled the Guest account,
you'll find that users who have logged on as Guest are members of Everyone
but not members of Users or Authenticated Users.
The difference between the Users and Authenticated Users groups is a bit
more esoteric.
Windows networks include the ability to have computer-to-computer
connections that involve null sessions. Computers use these sessions to
exchange lists of shared folders, printers, and other network resources;
workstations use null sessions to connect to domain controllers (DCs) before
users authenticate to the domain.
--
Dragos CAMARA
MCSA Windows 2003 server
"SBS Rocker" wrote:
Now that's what everyone here is talking about Dragos. You are creating more.
work. If you had the parent folder shared at Everyone=FULL or even better
Authenticated Users=FULL you'll never have to modify the share permissions
again no matter what type of access you need to grant in the folder or sub
folder. All security is now controlled and managed at the NFTS folder and
sub folder levels.
There was a reason why pre W2K3 by default for a share was Everyone=FULL.
Now they have changed it to Everyone=Read. You may not agree with having
Everyone=FULL at the share level but you seem to agree with Authenticated
Users=FULL at the share level. Isn't the Guest account a member of Everyone
as well as Authenicated Users? That siad if you did it that way there would
be no reason to creating new groups or removing groups at share level.
Correct? All you would need to do at the parent FolderA and sub folderB now
is create one new group and give them Read access. Copy the inherited NTFS
permissions from the parent folder and add Group B and have inheritance
turned on at the sub level to all child folders.
That is the reasoning behind why you only need to apply one group at the
share level so you don't have to go back and do all the extra work at the
share level as you just explained.
"Dragos CAMARA" <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:707B3AF6-BA71-4A69-B0A6-04807F047C1A@xxxxxxxxxxxxxxxx
simple as a walking in a park :
create a group C give ntfs share permisions to that group, add group A and
B
to C, remove group A from share permission, give NTFS rights acording to
group A and B.
everyone group full access : includes anyone who has access to network
resources, including the Guest account - so keep to guest account with
that
rights
--
Dragos CAMARA
MCSA Windows 2003 server
"Albert Louis" wrote:
hmmmmmmmmmm this is all very interesting. Sure would like to see what
Dragos
response is to Eagles10 question. Dragos I'm almost embarrassed to have
read
your reply to Andrew instructing him to secure his folders at the share
level using groups. Makes the rest of us MCSA's look like we have no
creditability
"Eagles10" <bogus@xxxxxxxxx> wrote in message
news:%233TvKRWyHHA.4276@xxxxxxxxxxxxxxxxxxxxxxx
wow!!! looks like I stumbled into a very interesting thread. Did anyone
ever resolve Andrew's issues? Let me throw in my cents here and try not
to
offend anyone. I'm going to have to agree with SBS Rocker simply
because
if you start applying users and groups at the share level you are
creating
more work and managing the ntfs folder permissions becomes quite a task
Rocker is correct. You need to apply Everyone=FULL at the share level.
I'm
not sure what Dragos was thinking about offering his suggestion to add
groups to the share permissions. Afterall he is a MCSA and he should
know
better than that.
Dragos what happens if I give Group A FULL share permissions and Modify
NTFS permissions on the folder. Now I have a subfolder that requires
part
od the users of Group A to have Modify and a new Group B to have read
access yet some of the members of Group B are members of Group A. Now
what
are you going to do?
"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BF348C3A-D097-4852-AFB2-71978C5D6F81@xxxxxxxxxxxxxxxx
I shared a directory with one of our Windows 2003 servers and gave a
user
Full Control accesss to that directory. However, from his computer
where
he
is logged on, he can't copy and paste anything to that directory. If
he
remote desktop's into the server and logs on as himself, he can browse
to
another network share and pull the file over without any problems.
I never had this problem in Windows 2000. How do I configure a
directory
on
a Windows 2003 server so that people can "push" files to that folder
without
logging onto the server locally and "pulling" the files over?
- Follow-Ups:
- Re: Directory Permissions - What gives?
- From: SBS Rocker
- Re: Directory Permissions - What gives?
- References:
- Re: Directory Permissions - What gives?
- From: Eagles10
- Re: Directory Permissions - What gives?
- From: Albert Louis
- Re: Directory Permissions - What gives?
- From: SBS Rocker
- Re: Directory Permissions - What gives?
- Prev by Date: Re: H_Key_Current_User question
- Next by Date: Re: Directory Permissions - What gives?
- Previous by thread: Re: Directory Permissions - What gives?
- Next by thread: Re: Directory Permissions - What gives?
- Index(es):
Relevant Pages
|
