Windows 2003 Folder Permissions Problems  - - - Urgent

Posted on 2008-10-28
Last Modified: 2009-01-21
I'm in the process of move share from my old file server to my new one using Secure Copy 4.11. Anyway my share structure on my new server is as follows:
All of the users home directories go under the "Home" direcotory folder. Anyway my newly migratied shares have not only the domain user listed but the following groups as well: USERS, Creator, SYStem and of course Administrators. Is it ok for me to remove the USERS, CREATOR & SYSTEM groups from the parents folders? What are the downsides of doing this? What is the purposes of these groups? How do share and ntfs permissions differ??

Thanks Again.
Question by:compdigit44
  • 4
  • 3
LVL 32

Expert Comment

ID: 22821099
The share permissons allow you to share a folder or a drive.  The NTFS permissions allow you to control the permissions to a specific file or directory within a share.

The way I work(and probably many others too) you give full control with your share permissions and then control file and directory access with the NTFS permissions.  Here is one of may links wth further information.
LVL 19

Author Comment

ID: 22821170
Thanks for the reply nappy_d: I'm still confused though...What is the purpose of the follow local group though: server\Creator Owner, server\System & server\Users. Is it ok for me to remove these group from the parent directory so these extra group do no propogate to the child folders? What are the purposes of these groups???????/
LVL 32

Expert Comment

ID: 22821208
Before removing any permissions, make sure you have sound understanding of what is being done.

Those permissions are the defaulted permissions added by your system.  The only one I may suggest you look at removing is users.


Users are generally people who are not admins but need access to the computer or files.

Creator Owner, is the person who created the directory and thus becomes the owner

You should draw outon paper how you want your permissions setup before you start making changes.
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

LVL 19

Author Comment

ID: 22821304
Does Microsoft or any other website out there list what the purpose of these defaults groups in Windows 2003 do??
LVL 32

Expert Comment

ID: 22821355
Yes they do.

As mentioned the defaults are exactly that, they are the basic building blocks provided.  It would then be up to you or the admin(if you are not he/she) to modify them as you see fit.

The defaults do show what they do.  Every group can have different levels of permissions; Read, Write, Modify, Full Control, Read/Execute, List Folder contents13.  On top of that there are an additional 13 or so advanced permissions.

Take a look here...
LVL 19

Author Comment

ID: 22825045
Thank for the reply I guess I'm just not understanding the purpose of the Creator Owner & System groups>...

LVL 32

Accepted Solution

nappy_d earned 500 total points
ID: 22825236
Once you start reading thru that last link I posted, it will all make sense.

Think of it as this analogy:

You have a house with several rooms:

Anyone can enter the house(this is your share)

But, inside the house you only want certain people to enter the different rooms(This is where your NTFS permissions take over).

Does that make sense?

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now