Solved

file/folder/ntfs missions explained

Posted on 2014-07-22
2
446 Views
Last Modified: 2014-07-30
What's the difference between the following permissions set at these levels:  

file\folder\ntfs


I went onto our file server and under any folder found there are the following tabs:  general/sharing/security/previous versions/customize.

My question is more related to why the permissions are set on the security tab as opposed to the sharing tab?  Is there a best practice for setting permissions?  This is within a Windows 2003 and soon to be 2008r2 environment.
0
Comment
Question by:uppercut7141
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 40212048
from my understanding.

share permission is the permission to access the shared folder level, however after it gets to that it will start looking at the NTFS permission.

There are also Folder level permission and File Level permission as well.

Example, you can set someone to able to read the Shared folder \\server\sharing but the files under that folder can be restricted to be accessed as well.

under security -->advanced, by default it is set to This folder, subfolder and files. permission can be changed to, example, just this folder which means it is just permission set to this folder level, and you can set permission to only subfolder and files as well.

I don't think really any best practice regarding on this, because as my personal opinion, it is all per scenarios bases.

Hope this help.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40212495
Share security is very basic. All you can set there is whether a user or group is allowed to read, or read and write, or not allowed to access the share. There is no in-between, and it doesn't set any restrictions on the files that you save on those remote locations. So best practice is to either allow read and write access via a share, or none at all.

On the File-system security side (NTFS), you can have much more granular control, and it is not just for shared folders, but also for local access. So normally you set all the properties on that level. Also, it is best practice not to set any properties to a certain user account, but rather to groups, and then add the users who are allowed access to those specific groups. This allows for more flexibility, and users can come and go.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding a job can be stressful - searches, resume tweaks, and networking events can be super boring. Luckily we're here to help you land your dream job!
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question