Re: Access right

Doug,

Many thanks for your detail explanation that clears my mind. Does NTFS
permission mean Security? I have learnt that in NTFS, the file itself on
top of folder has another set of share and security permissions. Do they
follow the same rule?

Scott

"Doug Sherman [MVP]" <dsherman@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OvoLdhpDGHA.2704@xxxxxxxxxxxxxxxxxxxxxxx
> OK -
>
> When you connect to a shared folder the user's access rights are
> determined
> by combing his Share permissions and comparing them to his combined NTFS
> permissions in a manner that is best described by example:
>
> If John has Read Share persmissions and is a member of a group which has
> Change Share permissions, then John's effective Share permissions are
> Change - ie. he gets the best combination.
>
> If John also has Read NTFS permissions to the folder, and he is a member
> of
> a group which has Full Control NTFS permissions, then his effective NTFS
> permissions are Full control - ie. he again gets the best combination.
>
> However, if John accesses the folder through the share, he will only have
> Change permissions - ie. he gets the most restrictive combination of Share
> vs. NTFS.
>
> If either the best Share permission or the best NTFS permission that John
> has is Read, then John's access through the share cannot be better than
> Read. Remember that just because John is a member of a group which has
> only
> Read permission that does not prevent you from assigning some greater
> permission to John's user account or to some other group of which he is a
> member. However, you must give John's user account or some group of which
> he is a member BOTH higher Share and higher NTFS permissions.
>
> Doug Sherman
> MCSE, MCSA, MCP+I, MVP
>
> "Scott" <NoSpam-Scott.Xe@xxxxxxxxx> wrote in message
> news:#P9QpZoDGHA.2036@xxxxxxxxxxxxxxxxxxxxxxx
>> Doug,
>>
>> Thanks for your further advice. I prefer the second one but I believe it
>> also does not work. If I use NTFS/inheritance by putting Group 1 in read
>> right, user A becomes read only and this is not what I need. Probably my
>> explanation is unclear and my situation is quite common in reality. User
> A
>> is the person to own and update the file and the others are the reader
> only
>> or the recipients of the documents. Group 1 contains dozen or hundred of
>> persons to simplify the person entry and separate related persons as one
>> group within the company. Alternatively did I misinterpret your meaning
> of
>> NTFS/inheritance?
>>
>> Scott
>>
>> "Doug Sherman [MVP]" <dsherman@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message
>> news:OOOC6bjDGHA.2584@xxxxxxxxxxxxxxxxxxxxxxx
>> > Also, if user A connects to Folder 1 or 2 through Root shared folder A
>> > (\\server\RootShare\Folder 1), he will never have better than Read
> access.
>> > You could avoid this by sharing Folders 1 and 2 separately and
> connecting
>> > directly to them; or configure an essentially empty parent share, give
>> > Everyone Change permissions, and then use NTFS/inheritance to further
>> > restrict access as desired.
>> >
>> > Doug Sherman
>> > MCSE, MCSA, MCP+I, MVP
>> >
>> > "Scott" <NoSpan-Scott.Xe@xxxxxxxxx> wrote in message
>> > news:OkOVIDWDGHA.2040@xxxxxxxxxxxxxxxxxxxxxxx
>> >> I need to configure the following right for user A.
>> >>
>> >> Root shared folder A <- Group 1 of both share and security including
> user
>> > A
>> >> has READ only
>> >>
>> >> Folder 1 below folder A
>> >> Folder 2 below folder A
>> >>
>> >> User A need to have WRITE right for the files in Folder 2. Your
> guidance
>> > to
>> >> accomplish it is greatly appreciated.
>> >>
>> >> Thanks,
>> >>
>> >> Scott
>> >>
>> >>
>> >
>> >
>>
>>
>
>


.

Relevant Pages

  • Re: FTP control
    ... > I would like to use NTFS security settings to control who ... I would suggest getting a third party FTP server, ... if you set quota and these permissions for that group you can ... Information Server (IIS) Web site, ...
    (microsoft.public.win2000.security)
  • RE: Any way to remove ADMIN$ only?
    ... Mixing the share permissions and the NTFS permissions generally cause ... which means more groups/people access the same shares. ... Along comes another admin that creates a share at a higher level in the ...
    (Focus-Microsoft)
  • Re: W2k and Front Page Security
    ... >> up now using subweb and setting permissions throgh ... >> with NTFS permissions contolling folders.When I set ... >FrontPage managed content areas you do really need to ... >authorship of every groupX subweb in addition ...
    (microsoft.public.win2000.security)
  • Re: Removing "File and Folder tasks"
    ... create a Group Policy to enforce the NTFS ... permissions, and then link it to that OU. ... Do NOT attempt to apply NTFS ... folder and user profile folders because if you incorrectly apply NTFS ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Removing "File and Folder tasks"
    ... You can put the computers you want to enforce the NTFS permissions on into ... create a Group Policy to enforce the NTFS ... folder and user profile folders because if you incorrectly apply NTFS ...
    (microsoft.public.windowsxp.security_admin)