Solved

file/folder/ntfs missions explained

Posted on 2014-07-22
2
401 Views
Last Modified: 2014-07-30
What's the difference between the following permissions set at these levels:  

file\folder\ntfs


I went onto our file server and under any folder found there are the following tabs:  general/sharing/security/previous versions/customize.

My question is more related to why the permissions are set on the security tab as opposed to the sharing tab?  Is there a best practice for setting permissions?  This is within a Windows 2003 and soon to be 2008r2 environment.
0
Comment
Question by:uppercut7141
2 Comments
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 40212048
from my understanding.

share permission is the permission to access the shared folder level, however after it gets to that it will start looking at the NTFS permission.

There are also Folder level permission and File Level permission as well.

Example, you can set someone to able to read the Shared folder \\server\sharing but the files under that folder can be restricted to be accessed as well.

under security -->advanced, by default it is set to This folder, subfolder and files. permission can be changed to, example, just this folder which means it is just permission set to this folder level, and you can set permission to only subfolder and files as well.

I don't think really any best practice regarding on this, because as my personal opinion, it is all per scenarios bases.

Hope this help.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40212495
Share security is very basic. All you can set there is whether a user or group is allowed to read, or read and write, or not allowed to access the share. There is no in-between, and it doesn't set any restrictions on the files that you save on those remote locations. So best practice is to either allow read and write access via a share, or none at all.

On the File-system security side (NTFS), you can have much more granular control, and it is not just for shared folders, but also for local access. So normally you set all the properties on that level. Also, it is best practice not to set any properties to a certain user account, but rather to groups, and then add the users who are allowed access to those specific groups. This allows for more flexibility, and users can come and go.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Whether you believe the “gig economy,” as it has been dubbed, is the next big economic paradigm shift (https://www.theguardian.com/commentisfree/2015/jul/26/will-we-get-by-gig-economy) or an overstated trend (http://www.wsj.com/articles/proof-of-a-g…
With the shift in today’s hiring climate (http://blog.experts-exchange.com/ee-blog/5-tips-on-succeeding-in-the-new-gig-economy/?cid=Blog_031816), many companies are choosing to hire freelancers to get projects completed efficiently and inexpensively…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now