Help with Sharing and NTFS Permissions

Posted on 2007-08-01
Last Modified: 2010-04-18
I have set up a shared folder on our file server called marketing.  This folder has a sub-folder called Literature where we will be keeping PDF versions of all our literature for everyone to view,.  Within the Literature folder is a folder called Originals, which will store the original file, that only our Marketing person will have access to.

I set up sharing on the Marketing folder with the permissions for Everyone to have Full Control.  I then went to the security tab.  I was going to leave "Allow inheritable permissions...." enabled.  I am pretty certain that I can just set the NTFS permissions on the "Originals" folder to only allow our Marketing person access to the folder, correct?

Also, on the security tab, I noticed that Users, by default, has Read & Execute, List Folder Contents, Read, and Special Permissions enabled by default and that these settings cannot be changed.  When I click on the advanced button and go into the Users Special Permissions, I see that they are allowed to Create Files / Write Data and Create Folders / Append Data.  However, I only want my users to have read only rights and that is all when they are in the Marketing folder.

My first questions is why wouldn't the Users just have "Write" and "Modify" by enabled by default within the Security tab instead of having these special permissions?  The perform the same functionality, correct?

After doing a bit of digging, it appears that I would want to remove "Create Folders / Append Data" and "Create Files / Write Data" for Users from the advanced security settings, for that particular drive that the Marketing folder resides on.  I would also want to put a check mark to "replace permission entries on all child objects..."  I would do this because I do not want anyone to create folders or save files at the top level.  

Then for the Marketing folder, I would give Modify, Read & Execute, List Folder Contents, Read,and Write permissions to the Marketing Group since I want them to be able to create subfolders  and save files within the Marketing folder (or do I have to give them special permissions to do this?).  Users would then receive Read & Execute, List Folder Contents, and Read permissions because I only want them to have read access within the Marketing folder.  

Finally, on the Originals folder (in Marketing / Literature), I don't want any users BUT those in the Marketing Group to have access.  Therefore, I disable "Allow inheritable permissions..." and remove Users from the permissions.

Does this sound like the proper way to achieve this?  



Question by:csimmons1324
    1 Comment
    LVL 19

    Accepted Solution

    Sounds like your on the right path.

    The reason as to why the permissions are just write modify etc are because they are just general, you can also specify more advanced permissions to make sure specific things cant happen such as deleting files etc but allowing users to write to the folder.

    here is some more infor on sharing permissions.

    Kind regards

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now