Configuring Permssions on a shared drive

Posted on 2006-05-31
Last Modified: 2013-12-04
I have a Dell 745N NAS device and I have created a few SHARES.  What is the standard or recommended way to configure the security permissions on the root directory of each SHARE? I have a HOME share where every employee has their 'home' folder...   Should everyone be able to at least 'LIST' the folders etc...  and I have a GROUPSHARE folder where each Dept. has folders to keep their documents in...    Also, should the inherited check box be off or on?
Question by:anthonyca
    LVL 12

    Accepted Solution

    The permissions depend very much on the nature of your environment so as such there is no standard way.  There is however best practice.  You can check these guides for some basic guidlines:

    You should remember that access is based on a combination of share and ntfs permissions.  Also the inherit option needs to be unchecked if you want to apply different permissions to the child directories.

    Hope this helps.

    Assisted Solution

    Obviously this all depends on the specific needs of your environment, but here is a simple configuration.

    For the shares permissions, give Full Control to a group such as "Authenticated Users" or Everyone, you could also use a list of more restrictive groups fro a little added security.  From there you will rely on the NTFS permissions to control access.

    For the NTFS permissions on each share, I would recommend only giving permissions (you probably want to use Full control here) to administrative groups.  By that I mean IT admins, not office admin type staff.   Let these permissions inherit down.   On the HOME root folder, you do not need to add any list permissions for individual users or user groups, assuming they are mapping a drive directly to their Home folder to (\\server(nas)\home\username).  For each individual home folder, just add the appropriate permissions for each respective user in addition to the inherited admin perms.  If you are using redirection/offline files, then you need to give the user full control over the folders.
    For the GROUPSHARE root folder, I would recommend that you do not allow user to have any ability to write to root as this helps keeps a cleaner structure in place.  Just give admins control and list for a User related group if they map a drive to the top level of the share (if they map to directly to their department folder under the share then list is not needed).  Then under the root folder create each department folder and give rights accordingly for admins and each department.

    Featured Post

    Scale it in WD Gold

    With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

    Join & Write a Comment

    Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now