In Windows 2000 server, our folder share permissions were pre-set to Full Control for the everyone group (I believe that is the default.) To limit access to folders and shares, I assigned specific groups and users in the folder securities tab. In the process, I removed a lot of inherited permissions.
I just upgraded my servers to Windows 2003, and discovered that my 2000 server method did not work as well because the everyone group did not get full rights by default. (I actually had not even realized the Folder Permissions setting was present in Windows 2000.) In my attempt to get things working again, I did some research on permissions and security and came to the conclusion that the way we had done things in Windows 2000 was not the best way. Specifically, removing a lot of inherited permissions bogged down the database with unnecessary data (is this correct?)
Now I am trying to work out the interaction between share permissions and folder securities. I have read a couple manuals and they give me just enough information to want more.
My questions are:
1. Is there a way to allow only certain users and groups to see a particular share?
2. Is the removal of inherited permissions best avoided, if possible?
3. What exactly does the Share Permission control?
4. Can someone point me to a good resource that describes permissions in detail with examples?