[Last Call] Learn how to a build a cloud-first strategyRegister Now


Network Share is overriding NTFS permissions on Microsoft Server 2003

Posted on 2005-04-18
Medium Priority
Last Modified: 2010-08-05
I have a website for my company’s intranet that I moved from a NT server to a 2003 server.  The way it was setup on the NT server is it had a share giving domain users read only permissions and the individual parts of the site were setup with NTFS permissions to allow these users to edit their designated parts of the site.

Here is roughly how it is setup:

The share is set to:


Our users sites are all contained within the share so they are as follows:


I want the users to be able to go to the share and only be able to edit their designated site.  I have all of the NTFS permissions set up.  But what I have run into is when I set the share to allow domain users read only rights then nobody can edit their own site and if I give domain users read and write access through the share the share overrides the NTFS permissions and allows everyone to edit any of the sites.  I want to avoid changing the setup because I have over 70 sites I would have to setup and I would have to help over 120 programmers to change their process for publishing their websites.

Thanks in advance!
Question by:nsailsb
  • 2
LVL 97

Expert Comment

by:Lee W, MVP
ID: 13808878
Nope, you're mistaken.  Share Permissions do NOT override NTFS permissions.  When connecting to a share with share permissions set, the MOST RESTRICTIVE permissions prevail.  Meaning if NTFS is Full Control and Share is Read only, then users only have READ ONLY.  IF NTFS is READ ONLY and Share is FULL CONTROL, then you only have READ ONLY (NTFS being the most restrictive).
LVL 97

Accepted Solution

Lee W, MVP earned 2000 total points
ID: 13808889
Personally, my servers rarely if ever set Shared permissions to anything other than EVERYONE Full Control.  I typically rely on NTFS security.

Author Comment

ID: 13808943
Thanks! thats what i thought, but it was not working.  So i just checked and realized the domain ID i was using to test with is in the admin group of the server and that is why it seemed like i was able to write to the folders when i didnt think i had permissions.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question