Solved

Difference between the share permissions and the security and how should these be set to access a folder?

Posted on 2004-09-21
10
3,703 Views
Last Modified: 2010-03-10
I want to know what the difference is between the share permissions and the security tab on windows 2000 server.  I am trying to give users access to a program on an app server.  I gave full access to groups under the security tab, but the vendor tells me I need to give full access to the Everyone group which I do not want to do.  Do I need to put them in the share permissions tab also?  Or will this override the security tab?  Any help given would be greatly appreciate to clarify this situation.
0
Comment
Question by:manch03
  • 2
  • 2
  • 2
  • +3
10 Comments
 
LVL 6

Expert Comment

by:parkerig
ID: 12118578
Hi,
The easiest way of thinking about this is that the share permissions are who can do what via the network
The security permisions are who can do what at the server console or via terminal services

If an app is started via a share it is still possible that it needs to write or read from a server hard disk and therefore needs relevant security permissions ( eg if temp file created in same directory as APP then user needs both share and security permissions)

Security permissions over rule Share permissions
eg If I give a user rights change permissions on a share but security is read only then they cannot change files.

Best way to test is create a share and experiment.

It is disappointing programmers still write applications that need FULL rights to EVERYONE
Cheers
Ian
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12121132
Sharing permissions: Who may access the file/folder via network and what access degree it has? (Read/Change and forth)
Security: Who may do what to the file/folder being accessed? (Open/Edit/View/Execute...and forth).

Simple

:)

Thanks parkerig

Cyber
0
 

Author Comment

by:manch03
ID: 12129275
Boy did I mess things up - I  gave permissions to groups on the permissions and took away everything under security because the users should not be doing anything to the server, etc.  Nobody could gain access to the application.  So I put them back in the security tab and everything works.  This program must need users in that security tab because it absolutely would not let anyone in.
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 51

Expert Comment

by:ahoffmann
ID: 12130351
you need at least read and execute permission on files, additional list permission on directories as NTFS permissions (probably that what you describe as "security tab"), set these for user/owner and group.
The share permissions then can be everyone doing all (probably what you describe as "share permission tab"), that's what M$ suggest allways, and as long as you belief in whatever M$ defines as security, it should work :-))
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12157074
The two work in conjunction- the easiest way to setup a share, and allow only certain groups or people to access them is:
On the SHARING tab, get specific with the groups and users. And on the Security tab, place Everyone, if they need to write to the share, they'll have to have that right in both places (shring tab and security tab) at least.
http://www.practicallynetworked.com/sharing/xp_filesharing/05createshares.htm (good tutourial on this subject)

-rich
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12157858
> On the SHARING tab, get specific with the group and user. And on the Security tab, place Everyone, ...

dooh, richrumble, I'm shure you meant it the other way around ;-)
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12159795
yes, the otehrway around- sorry sleep deprived.
-rich
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 12204559
" Do I need to put them in the share permissions "  yes on volume (like C:) but it will assigned by default  when you make sharing on any folder or file on the machine and also  on shared resource (file or folder...etc) , so that you should remove Full control sharing permissions from shared resource like folder not from C:
will this override the security tab? no the Security Permissions override the sharing permissions .
more information :
(good resource) : http://www.microsoft.com/mspress/books/sampchap/6112d.asp

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418

good luck

0
 
LVL 8

Accepted Solution

by:
nader alkahtani earned 500 total points
ID: 12204617
BEST PRACTICES ACCORDING TO MICROSOFT
• Use NTFS permissions when possible and use share permissions
on FAT or FAT32 volumes only.
• Avoid using both share and NTFS permissions. The results can be
confusing, unpredictable, and difficult to troubleshoot.
• Assign permissions to groups, not individual users.
• Assign the most restrictive permissions possible.
• Avoid specifically denying permissions to a shared resource.
Only do so if you need to override specific permissions already
assigned.
• Limit membership to the Administrators group, as this group
has full control permissions by default.
• Avoid changing the default permissions for the Everyone group
when possible. The Everyone group includes numerous other
groups and your results could be unpredictable.
• Never deny access to the Everyone group because that group
includes Administrators. Instead, remove the Everyone group
rather than specifically denying the Everyone group.
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question