File security settings and Shared Folder permissions--how do they interact?

In Windows 2000 server, our folder share permissions were pre-set to Full Control for the everyone group (I believe that is the default.)  To limit access to folders and shares, I assigned specific groups and users in the folder securities tab.  In the process, I removed a lot of inherited permissions.

I just upgraded my servers to Windows 2003, and discovered that my 2000 server method did not work as well because the everyone group did not get full rights by default.  (I actually had not even realized the Folder Permissions setting was present in Windows 2000.)  In my attempt to get things working again, I did some research on permissions and security and came to the conclusion that the way we had done things in Windows 2000 was not the best way.  Specifically, removing a lot of inherited permissions bogged down the database with unnecessary data (is this correct?)  

Now I am trying to work out the interaction between share permissions and folder securities.  I have read a couple manuals and they give me just enough information to want more.

My questions are:
1.  Is there a way to allow only certain users and groups to see a particular share?  
2.  Is the removal of inherited permissions best avoided, if possible?
3.  What exactly does the Share Permission control?
4.  Can someone point me to a good resource that describes permissions in detail with examples?

Thanks,
srsdtech
srsdtechAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
GeneralMandibleConnect With a Mentor Commented:
I think this maybe the issue you're dealing with:
http://www.windowsitpro.com/Article/ArticleID/41280/41280.html

& here is a guide to some settings:
http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml
http://support.microsoft.com/default.aspx?scid=kb;en-us;325361

These should answere a few of your questions
0
 
GeneralMandibleCommented:
I believe in Windows a share is either visible or hidden globally using a $ at the end of the share name (correct me if I'm wrong).  I think all you can do is restrict access...or make it hidden (& restricted) and only give the respective groups/users the share name.
0
 
srsdtechAuthor Commented:
Thanks General Mandible.  
I looked at those, and they appear to address the subject very well.  I think they will answer my questions, though it'll probably take me a while to put everything into place.

I'll also try out the $ part.  There are some necessary shares it is best folks just don't know about.

srsdtech
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.