File Server ACL's at root and sub directory level
Posted on 2013-06-06
Can I ask a quesion about access permissions on file servers.Our admin ran us some MBSA scans over our 5 corporate file servers that lists out the share and directory access control lists. I appreciate this software reports the permissions at the root folder level i.e. \\server\share - but what is baffling me is the groups listed are only admin type groups, there's no entries for normal user groups who will be using these file server shares for team areas. So is it common to not add user groups at this level, and then add them at a sub directory level. i.e. \\server\share\directoryteam1 \\server\share\directoryteam2
What confuses me is don't you need some access to the root folder to be able to access any sub directory? i.e. if say domain user group "finance" isn't listed on the share or directory ACL at the root folder \\server\share but then they do have access to \\server\share\financesfolder will they be able to still access \\server\share\financesfolder if they don't have access to \\server\share
Is this kind of setup common?