Network Share is overriding NTFS permissions on Microsoft Server 2003

Posted on 2005-04-18
Last Modified: 2010-08-05
I have a website for my company’s intranet that I moved from a NT server to a 2003 server.  The way it was setup on the NT server is it had a share giving domain users read only permissions and the individual parts of the site were setup with NTFS permissions to allow these users to edit their designated parts of the site.

Here is roughly how it is setup:

The share is set to:


Our users sites are all contained within the share so they are as follows:


I want the users to be able to go to the share and only be able to edit their designated site.  I have all of the NTFS permissions set up.  But what I have run into is when I set the share to allow domain users read only rights then nobody can edit their own site and if I give domain users read and write access through the share the share overrides the NTFS permissions and allows everyone to edit any of the sites.  I want to avoid changing the setup because I have over 70 sites I would have to setup and I would have to help over 120 programmers to change their process for publishing their websites.

Thanks in advance!
Question by:nsailsb
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Nope, you're mistaken.  Share Permissions do NOT override NTFS permissions.  When connecting to a share with share permissions set, the MOST RESTRICTIVE permissions prevail.  Meaning if NTFS is Full Control and Share is Read only, then users only have READ ONLY.  IF NTFS is READ ONLY and Share is FULL CONTROL, then you only have READ ONLY (NTFS being the most restrictive).
    LVL 95

    Accepted Solution

    Personally, my servers rarely if ever set Shared permissions to anything other than EVERYONE Full Control.  I typically rely on NTFS security.

    Author Comment

    Thanks! thats what i thought, but it was not working.  So i just checked and realized the domain ID i was using to test with is in the admin group of the server and that is why it seemed like i was able to write to the folders when i didnt think i had permissions.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
    I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now