Difference between the share permissions and the security and how should these be set to access a folder?

I want to know what the difference is between the share permissions and the security tab on windows 2000 server.  I am trying to give users access to a program on an app server.  I gave full access to groups under the security tab, but the vendor tells me I need to give full access to the Everyone group which I do not want to do.  Do I need to put them in the share permissions tab also?  Or will this override the security tab?  Any help given would be greatly appreciate to clarify this situation.
manch03Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

parkerigCommented:
Hi,
The easiest way of thinking about this is that the share permissions are who can do what via the network
The security permisions are who can do what at the server console or via terminal services

If an app is started via a share it is still possible that it needs to write or read from a server hard disk and therefore needs relevant security permissions ( eg if temp file created in same directory as APP then user needs both share and security permissions)

Security permissions over rule Share permissions
eg If I give a user rights change permissions on a share but security is read only then they cannot change files.

Best way to test is create a share and experiment.

It is disappointing programmers still write applications that need FULL rights to EVERYONE
Cheers
Ian
0
Cyber-DudeCommented:
Sharing permissions: Who may access the file/folder via network and what access degree it has? (Read/Change and forth)
Security: Who may do what to the file/folder being accessed? (Open/Edit/View/Execute...and forth).

Simple

:)

Thanks parkerig

Cyber
0
manch03Author Commented:
Boy did I mess things up - I  gave permissions to groups on the permissions and took away everything under security because the users should not be doing anything to the server, etc.  Nobody could gain access to the application.  So I put them back in the security tab and everything works.  This program must need users in that security tab because it absolutely would not let anyone in.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

ahoffmannCommented:
you need at least read and execute permission on files, additional list permission on directories as NTFS permissions (probably that what you describe as "security tab"), set these for user/owner and group.
The share permissions then can be everyone doing all (probably what you describe as "share permission tab"), that's what M$ suggest allways, and as long as you belief in whatever M$ defines as security, it should work :-))
0
Rich RumbleSecurity SamuraiCommented:
The two work in conjunction- the easiest way to setup a share, and allow only certain groups or people to access them is:
On the SHARING tab, get specific with the groups and users. And on the Security tab, place Everyone, if they need to write to the share, they'll have to have that right in both places (shring tab and security tab) at least.
http://www.practicallynetworked.com/sharing/xp_filesharing/05createshares.htm (good tutourial on this subject)

-rich
0
ahoffmannCommented:
> On the SHARING tab, get specific with the group and user. And on the Security tab, place Everyone, ...

dooh, richrumble, I'm shure you meant it the other way around ;-)
0
Rich RumbleSecurity SamuraiCommented:
yes, the otehrway around- sorry sleep deprived.
-rich
0
nader alkahtaniConsultantCommented:
" Do I need to put them in the share permissions "  yes on volume (like C:) but it will assigned by default  when you make sharing on any folder or file on the machine and also  on shared resource (file or folder...etc) , so that you should remove Full control sharing permissions from shared resource like folder not from C:
will this override the security tab? no the Security Permissions override the sharing permissions .
more information :
(good resource) : http://www.microsoft.com/mspress/books/sampchap/6112d.asp

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418

good luck

0
nader alkahtaniConsultantCommented:
BEST PRACTICES ACCORDING TO MICROSOFT
• Use NTFS permissions when possible and use share permissions
on FAT or FAT32 volumes only.
• Avoid using both share and NTFS permissions. The results can be
confusing, unpredictable, and difficult to troubleshoot.
• Assign permissions to groups, not individual users.
• Assign the most restrictive permissions possible.
• Avoid specifically denying permissions to a shared resource.
Only do so if you need to override specific permissions already
assigned.
• Limit membership to the Administrators group, as this group
has full control permissions by default.
• Avoid changing the default permissions for the Everyone group
when possible. The Everyone group includes numerous other
groups and your results could be unpredictable.
• Never deny access to the Everyone group because that group
includes Administrators. Instead, remove the Everyone group
rather than specifically denying the Everyone group.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.