Hi,
I have Windows 2003 server (FS) running as domain controller (testDomain) and file server too. There is a shared folder called 'test'. I specify 'full control' to 'everyone' group under share permissions, full control to 'administrators' and group 'testers', nothing to the rest.
There is another computer called 'outside-win2k' which is Windows 2000 server and physically connected to my network. 'outside-win2k' is not a member of 'testDomain. There is a local user account called 'outsider' on 'outside-win2k'. 'outsider' login to the local computer of 'outside-win2k'. When he type in \\FS in Windows Explorer, he sees shared folder 'test'. Further more, he is able to create/delete a folder inside 'test' folder.
Q#1. Why 'outsider' is able to see shared folder 'test' even though this user is not a domain (testDomain) user, not a member of 'administrator' or 'testers' group either?
Q#2. Is there a way not to display the share folder 'test' if the user does not even have 'read' permission?
Q#3. Why 'outsider' is able to create folders inside 'test' folder even though he is not supposed to have any permission?
Q#4 Usually the system will prompt the user ('outsider') for domain user name and password when non-domain users try to access the resources on the domain. Is it because such permission is cached in the past? If so, how to clear such cache? Note: I do not have any mapped network drive to FS.
Q#5. What is the easiest and practical way to manage file permissions?
Thanks a lot.
Start Free Trial
