Solved

file/folder/ntfs missions explained

Posted on 2014-07-22
2
389 Views
Last Modified: 2014-07-30
What's the difference between the following permissions set at these levels:  

file\folder\ntfs


I went onto our file server and under any folder found there are the following tabs:  general/sharing/security/previous versions/customize.

My question is more related to why the permissions are set on the security tab as opposed to the sharing tab?  Is there a best practice for setting permissions?  This is within a Windows 2003 and soon to be 2008r2 environment.
0
Comment
Question by:uppercut7141
2 Comments
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 40212048
from my understanding.

share permission is the permission to access the shared folder level, however after it gets to that it will start looking at the NTFS permission.

There are also Folder level permission and File Level permission as well.

Example, you can set someone to able to read the Shared folder \\server\sharing but the files under that folder can be restricted to be accessed as well.

under security -->advanced, by default it is set to This folder, subfolder and files. permission can be changed to, example, just this folder which means it is just permission set to this folder level, and you can set permission to only subfolder and files as well.

I don't think really any best practice regarding on this, because as my personal opinion, it is all per scenarios bases.

Hope this help.
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40212495
Share security is very basic. All you can set there is whether a user or group is allowed to read, or read and write, or not allowed to access the share. There is no in-between, and it doesn't set any restrictions on the files that you save on those remote locations. So best practice is to either allow read and write access via a share, or none at all.

On the File-system security side (NTFS), you can have much more granular control, and it is not just for shared folders, but also for local access. So normally you set all the properties on that level. Also, it is best practice not to set any properties to a certain user account, but rather to groups, and then add the users who are allowed access to those specific groups. This allows for more flexibility, and users can come and go.
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Live is the evolution of Q&A. Get your technology problems solved instantly by connecting with technology experts instantly. Pair programming has never been easier.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now