Solved

file/folder/ntfs missions explained

Posted on 2014-07-22
2
407 Views
Last Modified: 2014-07-30
What's the difference between the following permissions set at these levels:  

file\folder\ntfs


I went onto our file server and under any folder found there are the following tabs:  general/sharing/security/previous versions/customize.

My question is more related to why the permissions are set on the security tab as opposed to the sharing tab?  Is there a best practice for setting permissions?  This is within a Windows 2003 and soon to be 2008r2 environment.
0
Comment
Question by:uppercut7141
2 Comments
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 40212048
from my understanding.

share permission is the permission to access the shared folder level, however after it gets to that it will start looking at the NTFS permission.

There are also Folder level permission and File Level permission as well.

Example, you can set someone to able to read the Shared folder \\server\sharing but the files under that folder can be restricted to be accessed as well.

under security -->advanced, by default it is set to This folder, subfolder and files. permission can be changed to, example, just this folder which means it is just permission set to this folder level, and you can set permission to only subfolder and files as well.

I don't think really any best practice regarding on this, because as my personal opinion, it is all per scenarios bases.

Hope this help.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40212495
Share security is very basic. All you can set there is whether a user or group is allowed to read, or read and write, or not allowed to access the share. There is no in-between, and it doesn't set any restrictions on the files that you save on those remote locations. So best practice is to either allow read and write access via a share, or none at all.

On the File-system security side (NTFS), you can have much more granular control, and it is not just for shared folders, but also for local access. So normally you set all the properties on that level. Also, it is best practice not to set any properties to a certain user account, but rather to groups, and then add the users who are allowed access to those specific groups. This allows for more flexibility, and users can come and go.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
There are many benefits to finding online courses that align with your personal or career goals. Read more about our reasons for continuing your education in technology.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question