Windows 2003 Folder Permissions Problems  - - - Urgent

Posted on 2008-10-28
Last Modified: 2009-01-21
I'm in the process of move share from my old file server to my new one using Secure Copy 4.11. Anyway my share structure on my new server is as follows:
All of the users home directories go under the "Home" direcotory folder. Anyway my newly migratied shares have not only the domain user listed but the following groups as well: USERS, Creator, SYStem and of course Administrators. Is it ok for me to remove the USERS, CREATOR & SYSTEM groups from the parents folders? What are the downsides of doing this? What is the purposes of these groups? How do share and ntfs permissions differ??

Thanks Again.
Question by:compdigit44
  • 4
  • 3
LVL 32

Expert Comment

ID: 22821099
The share permissons allow you to share a folder or a drive.  The NTFS permissions allow you to control the permissions to a specific file or directory within a share.

The way I work(and probably many others too) you give full control with your share permissions and then control file and directory access with the NTFS permissions.  Here is one of may links wth further information.
LVL 19

Author Comment

ID: 22821170
Thanks for the reply nappy_d: I'm still confused though...What is the purpose of the follow local group though: server\Creator Owner, server\System & server\Users. Is it ok for me to remove these group from the parent directory so these extra group do no propogate to the child folders? What are the purposes of these groups???????/
LVL 32

Expert Comment

ID: 22821208
Before removing any permissions, make sure you have sound understanding of what is being done.

Those permissions are the defaulted permissions added by your system.  The only one I may suggest you look at removing is users.


Users are generally people who are not admins but need access to the computer or files.

Creator Owner, is the person who created the directory and thus becomes the owner

You should draw outon paper how you want your permissions setup before you start making changes.
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

LVL 19

Author Comment

ID: 22821304
Does Microsoft or any other website out there list what the purpose of these defaults groups in Windows 2003 do??
LVL 32

Expert Comment

ID: 22821355
Yes they do.

As mentioned the defaults are exactly that, they are the basic building blocks provided.  It would then be up to you or the admin(if you are not he/she) to modify them as you see fit.

The defaults do show what they do.  Every group can have different levels of permissions; Read, Write, Modify, Full Control, Read/Execute, List Folder contents13.  On top of that there are an additional 13 or so advanced permissions.

Take a look here...
LVL 19

Author Comment

ID: 22825045
Thank for the reply I guess I'm just not understanding the purpose of the Creator Owner & System groups>...

LVL 32

Accepted Solution

nappy_d earned 500 total points
ID: 22825236
Once you start reading thru that last link I posted, it will all make sense.

Think of it as this analogy:

You have a house with several rooms:

Anyone can enter the house(this is your share)

But, inside the house you only want certain people to enter the different rooms(This is where your NTFS permissions take over).

Does that make sense?

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now