Microsoft Best Practices for Share permissions on a Windows Server 2000/2003.

Posted on 2005-04-28
Last Modified: 2010-04-18

I have searched and not come up with an "official" resource for the MS Best Practice for file shares and the appropriate permissions.

I am looking for a link to a Microsoft web resource on best practices for setting up file shares and folder permissions.

The scenario is:

A small office has a single File and Print server.
Three user types:
1) Supervisors - create forms and templates for everyone to use in their job functions. They use these forms as well.

2) Users - should be able to open a form, enter data, and then save it to Projects folder under the appropriate job folder.

3) Clients-are able to login to the domain with an account named "client" to go through hands on tutorials, practice how to use a computer in a one on one environment, etc..

|        |__BBonds
|        |__MMcGuire
|       |__SFGiants
|       |__OakAs
|___ etc..

Question by:pdxsrw
    LVL 9

    Expert Comment

    Do you have a Novell or Microsoft network? There is no Supervisor in MS only in Novell. If you have a MS network you have the option of setting restrictions on the share or on the folder. Personally I set authenticated users full access on the share and then I decide on the folder level what NTFS rights every group of users should have. What I always do is to remove the everyone group from the folders and replace it with either a specific group or authenticated users. The thing is to choose one way of setting rights and usually you are to restricted in options with the share permissons so it is easier to go with the NTFS permissions.
    LVL 3

    Accepted Solution

    Best practices for Shared Folders from MS
    The most problems appears not from tehnical implementation, but organizational things/changes.
    LVL 18

    Assisted Solution

    When you talk about file/folder permissions in windows 2000+ then you are really talking about 2 kinds...NTFS and share permissions. It is important to understand the difference between the two. As said above by joe, best practice is usually to grant a large group (such as authenticated users) full access to share permissions and use NTFS permissions to control your access.

    For what you want to do, you will need to set NTFS permissions.

    Here are a couple links for learning about the two:

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now