Solved

Share or Security permissions?

Posted on 2008-10-09
3
182 Views
Last Modified: 2013-12-05
Hi

I have a folder on a Windows 2003 server that I would like to share.

Do I need to set the permissions in Security, or Share>Permissions, or both?

And which ones take precedence?
0
Comment
Question by:kam_uk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Assisted Solution

by:Andres Perales
Andres Perales earned 100 total points
ID: 22680458
You need to set both, Share Permissions set to everyone full, then lock it down using the permission with the security tab...
the restrictive permissions alway take priority.
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 200 total points
ID: 22680484
The most restrictive settings win.

Because of that and for simplicity, you would generally only use NTFS permissions (Security).

Think of it like this:
The share is the doorway into the files and folders at that point.  Like large office building, once you get into the doorway, you have the ability to see EVERYTHING in EVERY OFFICE (through share level permissions

With NTFS permissions, you can adjust things at the FILE level (including the folders) so that Doors 1, 3,4 7,9,10, and 12 are only accessible to user A while user B sees 2,3,5,6,7,9,11,12 and User C sees everything.

To put another way, if you set NTFS permissions to EVERYONE:Full access, and share permissions to READ ONLY then your users ONLY have READ ONLY (It's the most restrictive)

If you set NTFS permissions so that EVeryone has Read Only except for you and your boss with FULL access but set the Share permissions to Read Only, then you and your boss STILL have read only - the share permissions are more restrictive.

If you set NTFS permissions so that EVeryone has Read Only except for you and your boss with FULL access but set the Share permissions to Full Access, then you and your boss have Full access and everyone else has Read Only.

Finally, If you set NTFS permissions so that EVeryone has Read Only to everything except the file "phonelist" which allows FULL access but set the Share permissions to Read Only, then NO ONE can modify the phone list because the share permissions are more restrictive
0
 
LVL 3

Author Comment

by:kam_uk
ID: 22685859
Thanks!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question