Solved

Windows 2003 Folder Permissions Problems  - - - Urgent

Posted on 2008-10-28
7
195 Views
Last Modified: 2009-01-21
I'm in the process of move share from my old file server to my new one using Secure Copy 4.11. Anyway my share structure on my new server is as follows:
F:\
F:\Home
F:\Data
All of the users home directories go under the "Home" direcotory folder. Anyway my newly migratied shares have not only the domain user listed but the following groups as well: USERS, Creator, SYStem and of course Administrators. Is it ok for me to remove the USERS, CREATOR & SYSTEM groups from the parents folders? What are the downsides of doing this? What is the purposes of these groups? How do share and ntfs permissions differ??

Thanks Again.
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 22821099
The share permissons allow you to share a folder or a drive.  The NTFS permissions allow you to control the permissions to a specific file or directory within a share.

The way I work(and probably many others too) you give full control with your share permissions and then control file and directory access with the NTFS permissions.  Here is one of may links wth further information.

http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml
0
 
LVL 20

Author Comment

by:compdigit44
ID: 22821170
Thanks for the reply nappy_d: I'm still confused though...What is the purpose of the follow local group though: server\Creator Owner, server\System & server\Users. Is it ok for me to remove these group from the parent directory so these extra group do no propogate to the child folders? What are the purposes of these groups???????/
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 22821208
Before removing any permissions, make sure you have sound understanding of what is being done.

Those permissions are the defaulted permissions added by your system.  The only one I may suggest you look at removing is users.

AGAIN, MAKE SURE YOU KNOW WHY YOU ARE REMOVING THEM.

Users are generally people who are not admins but need access to the computer or files.

Creator Owner, is the person who created the directory and thus becomes the owner

You should draw outon paper how you want your permissions setup before you start making changes.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Author Comment

by:compdigit44
ID: 22821304
Does Microsoft or any other website out there list what the purpose of these defaults groups in Windows 2003 do??
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 22821355
Yes they do.

As mentioned the defaults are exactly that, they are the basic building blocks provided.  It would then be up to you or the admin(if you are not he/she) to modify them as you see fit.

The defaults do show what they do.  Every group can have different levels of permissions; Read, Write, Modify, Full Control, Read/Execute, List Folder contents13.  On top of that there are an additional 13 or so advanced permissions.

Take a look here...  http://www.windowsitlibrary.com/Content/592/toc.html
0
 
LVL 20

Author Comment

by:compdigit44
ID: 22825045
Thank for the reply I guess I'm just not understanding the purpose of the Creator Owner & System groups>...

0
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
ID: 22825236
Once you start reading thru that last link I posted, it will all make sense.

Think of it as this analogy:

You have a house with several rooms:

Anyone can enter the house(this is your share)

But, inside the house you only want certain people to enter the different rooms(This is where your NTFS permissions take over).

Does that make sense?
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question