Solved

Sharing/Security Information for folders and subfolders

Posted on 2004-10-07
2
637 Views
Last Modified: 2013-12-04
I have few questions arised in my mind which are as follows:

(1) I have Windows 2003 Server installed in my Server. My clients are connected with the domain. I have created a shared folder for every users and assigned permission to specific users as read only or Full Access etc. I know we can have subfolder(s) within the shared folder. Can I assign permission to that subfolder different from the shared root folder. How can I do that?
The subfolder should not be shared. The subfolder should inherit the sharing from the root folder.  

Example: If my root shared folder has full access permission for everyone or for a specific user and I want to assign for a specific user No Access or Read only permissions on the subfolder. How can I assign a different permission on the subfolder(s)for specific users?

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise?

(3) I have a file in the shared folder of my domain. It has Read Only permission. When we execute the particular file we cannot make any changes in that file. But we can save the file in our local hard drive.
How can I restrict the file for saving into the local hard disk? The files should be restricted to Read Only.

Awaiting your reply
Regards
Sameer M. Aziz
0
Comment
Question by:smaziz
2 Comments
 

Expert Comment

by:Clayton555
ID: 12246833
Hi,

1.) On the root share, enable Read Only SHARING permissions for everyone (on the sharing tab).

On the SECURITY tab, give full access permissions for everyone who needs to access the files in the shared folder, and all subfolders.  By default, all permissions on the subfolders are inherited from the parent folder.

To block certain subfolders from inheriting the permissions, right click the subfolder you want to block, select Properties, select Security tab, click Advanced.  At the bottom of that window, there is a tick box which says "Inherit from parent the permissions entries etc ect ect".  Untick this box.  A popup box will appear - click remove.  You now need to specify which users need permissions to this subfolder, as there will now be no permissions, as it wont have been inherited.  Dont forget to add yourself, otherwise you wont be able to get access to that subfolder either.

To summerize you are basically removing the inherited permissions, and giving specific permissions on that subfolder.

2.)  The difference between Sharing tab and Security tab:  If sharing is enabled, it allows that folder to be visible on the network - thats all.  

Full control sharing to everyone means anyone can stop that folder being shared.  Read only sharing to everyone means everyone can see the share, but can't disable the sharing.

Security tab is your permissions to the subfolders and files within the share.  Once you enable sharing, you need to actually set security permissions so people can actually open the share and see the folders and files - not just see it.  By default Everyone has read only security permissions, so on a new share everyone can see the contents.

3.)There is no way you can really stop people saving documents from the network share onto their local machines.  The idea of read only permissions on a network is to stop for example, a template being overwritten.

Its not feasable to prevent documents being saved locally.  As long as the document can be viewed, it can be taken elsewhere - for example a screenshot, someone writing down the information on a piece of paper, it being saved to a floppy disk etc etc

Hope this helps
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12248022
Hi

(2) What is the difference between the Permissions in Sharing Tab and the Security TAB of folder propertise? - Quite a big difference really. Security permissions relate to NTFS permissions - which can only be used with NTFS file system - ie Windows NT/2000/2003 Servers/XP Pro/2000 Pro, not FAT32 etc. You'll notice that you can do a lot more with NTFS permissions than you can with ordinary share permissions. Even if you set share permissions to everyone, you can restrict access using NTFS Security Permissions.

Useful Articles here - You'll need to sign into the first link to read it all but you can sign up for free
Share versus NTFS Permissions
http://www.cramsession.com/articles/files/share-versus-ntfs-permiss-9162003-1702.asp?
Managing Windows NT Security (Useful to read all 5 pages - see at the bottom of the link page)
http://www.windowsitlibrary.com/Content/226/08/2.html

Regarding Point 3 - Whilst there never used to be a standard Microsoft Way of doing what you wanted things may have changed slightly. You could look into this - Windows Rights Management
Windows Rights Management Services
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
Rights Management Add-on for Internet Explorer
http://www.microsoft.com/windows/ie/downloads/addon/default.mspx

I've just started looking at it as a means of making various documents available for users to read and print without them being able to copy them. It appears to be able to do the job, so long as the files are produced with rights management enabled software (a potential snag). However you can create rights managed documents with Office 2003 Pro, and there's a software development kit. Definitely worth a look if you're starting off a new network,

Deb :))
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now