Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

fodler share security

Posted on 2006-11-10
4
Medium Priority
?
215 Views
Last Modified: 2013-12-04
What is the difference between setting security on the share tab for a folder in windows 2000 and setting security on the security tab of a folder in windows 2000?

Please explain also how setting security in one versus the other affects access.
0
Comment
Question by:markkurten
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 29

Accepted Solution

by:
Nightman earned 400 total points
ID: 17918832
Security via the share allows access to the share name via the network share.
Security via the security tab manages access to the physical folder/files on disk.

Access to the folder on disk allows access to the user, but no access via the share means that the user still cannot access the files via the network. The user would have to log on to the PC to access the folder. So a user may have full local permissions on a folder (and the files) from the local machine, but be prevented from updating (or even viewing) them accross the network.

Access via the share allows access to the network resource, but no access to the files on disk means that the user still can't do anything with them.

Does this makes things clearer or worse?
0
 

Author Comment

by:markkurten
ID: 17919161
thats exactly what i'm looking for - thank you..

so you can have a share and give full permissions to user x, but if you don't give them access using the security tab, they can't do anything with the files in the share?
0
 
LVL 29

Expert Comment

by:Nightman
ID: 17920444
That's it. Why don't you test it out?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17927816
Correct, the two work in tandem, the most restrictive setting is the one that is used... if you have everyone full control on the share, and you have userX denied delete on the NTFS permissions, UserX is denied delete as it is more restrictive than FC.
Share Permissions ( http://www.microsoft.com/technet/technetmag/issues/2006/01/HowITWorksNTFS/?related=y )

To access a file or folder remotely, both NTFS and Share Permissions are evaluated to determine the actual rights the user has to that object. Between NTFS and Share Permissions, the effective permissions are whichever is most restrictive. If the NTFS permission is Read and the Share Permission is Full Control, the effective permission is Read because it is the most restrictive. If the NTFS and Share Permissions were reversed, Read would still be the effective permission.

NTFS and Share Permissions work quite differently from each other. NTFS has a rather complex process of inheritance (see "NTFS Permissions" in the November-December 2005 issue of TechNet Magazine) but essentially a user gets the combination of NTFS permissions assigned to them and any groups they are in, including nested groups. In general, Deny overrides Allow. You have to enter the file system on a remote computer by accessing a share. The Share Permissions are evaluated on the share you use to enter the file system. There is no inheritance with shares. The Share Permissions assigned on the share you used to enter the file system are the permissions you have in that branch of the directory tree, even if there is another share lower in the tree with different permissions.
============
For ease of use/maintenance/administration, share permissions are fine to set Everyone- Full Control, and use the NTFS rights to apply restrictions. Do not include the everyone group on the NTFS (security tab), use authenticated users, and or the groups you need to apply the permissions to. Setting to FC on the share helps, because that right applies to all subfolders... NTFS can inherit or not inherit thier rights from parent folders.
http://technet2.microsoft.com/WindowsServer/en/library/86987829-3f74-412f-abb8-c8b22b07257d1033.mspx?mfr=true
-rich
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question