Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

Help with Sharing and NTFS Permissions

I have set up a shared folder on our file server called marketing.  This folder has a sub-folder called Literature where we will be keeping PDF versions of all our literature for everyone to view,.  Within the Literature folder is a folder called Originals, which will store the original file, that only our Marketing person will have access to.

I set up sharing on the Marketing folder with the permissions for Everyone to have Full Control.  I then went to the security tab.  I was going to leave "Allow inheritable permissions...." enabled.  I am pretty certain that I can just set the NTFS permissions on the "Originals" folder to only allow our Marketing person access to the folder, correct?

Also, on the security tab, I noticed that Users, by default, has Read & Execute, List Folder Contents, Read, and Special Permissions enabled by default and that these settings cannot be changed.  When I click on the advanced button and go into the Users Special Permissions, I see that they are allowed to Create Files / Write Data and Create Folders / Append Data.  However, I only want my users to have read only rights and that is all when they are in the Marketing folder.

My first questions is why wouldn't the Users just have "Write" and "Modify" by enabled by default within the Security tab instead of having these special permissions?  The perform the same functionality, correct?

After doing a bit of digging, it appears that I would want to remove "Create Folders / Append Data" and "Create Files / Write Data" for Users from the advanced security settings, for that particular drive that the Marketing folder resides on.  I would also want to put a check mark to "replace permission entries on all child objects..."  I would do this because I do not want anyone to create folders or save files at the top level.  

Then for the Marketing folder, I would give Modify, Read & Execute, List Folder Contents, Read,and Write permissions to the Marketing Group since I want them to be able to create subfolders  and save files within the Marketing folder (or do I have to give them special permissions to do this?).  Users would then receive Read & Execute, List Folder Contents, and Read permissions because I only want them to have read access within the Marketing folder.  

Finally, on the Originals folder (in Marketing / Literature), I don't want any users BUT those in the Marketing Group to have access.  Therefore, I disable "Allow inheritable permissions..." and remove Users from the permissions.

Does this sound like the proper way to achieve this?  

Thanks,

Chris


0
csimmons1324
Asked:
csimmons1324
1 Solution
 
Stephen MandersonSoftware EngineerCommented:
Sounds like your on the right path.

The reason as to why the permissions are just write modify etc are because they are just general, you can also specify more advanced permissions to make sure specific things cant happen such as deleting files etc but allowing users to write to the folder.


here is some more infor on sharing permissions.
http://www.windowsecurity.com/articles/Share-Permissions.html

Kind regards
Steve
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now