Solved

file/folder/ntfs missions explained

Posted on 2014-07-22
2
420 Views
Last Modified: 2014-07-30
What's the difference between the following permissions set at these levels:  

file\folder\ntfs


I went onto our file server and under any folder found there are the following tabs:  general/sharing/security/previous versions/customize.

My question is more related to why the permissions are set on the security tab as opposed to the sharing tab?  Is there a best practice for setting permissions?  This is within a Windows 2003 and soon to be 2008r2 environment.
0
Comment
Question by:uppercut7141
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 40212048
from my understanding.

share permission is the permission to access the shared folder level, however after it gets to that it will start looking at the NTFS permission.

There are also Folder level permission and File Level permission as well.

Example, you can set someone to able to read the Shared folder \\server\sharing but the files under that folder can be restricted to be accessed as well.

under security -->advanced, by default it is set to This folder, subfolder and files. permission can be changed to, example, just this folder which means it is just permission set to this folder level, and you can set permission to only subfolder and files as well.

I don't think really any best practice regarding on this, because as my personal opinion, it is all per scenarios bases.

Hope this help.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40212495
Share security is very basic. All you can set there is whether a user or group is allowed to read, or read and write, or not allowed to access the share. There is no in-between, and it doesn't set any restrictions on the files that you save on those remote locations. So best practice is to either allow read and write access via a share, or none at all.

On the File-system security side (NTFS), you can have much more granular control, and it is not just for shared folders, but also for local access. So normally you set all the properties on that level. Also, it is best practice not to set any properties to a certain user account, but rather to groups, and then add the users who are allowed access to those specific groups. This allows for more flexibility, and users can come and go.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s an age old story, whether you’re looking for full-time employment or contract work. In order to land a job, you must have experience.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question