sunhux
asked on
customize Windows explorer such that Everyone can't get selected when users do folder sharing
Refer to attached screen (following the red arrows from left to right): Everyone will be default gets added unless users specifically delete it or click on Deny.
Is there anyway to customize Windows explorer or GPO such that "Everyone" can never get selected?
We have too many requests from users to share out a folder on their laptops & we don't want to completely
disable them from doing the Sharing otherwise users will be raising SRs for us to do it which is overwhelming
We have Win 7 mostly plus a few Win XP & Win 8
ShareDefaultPermEveryone.JPG
Is there anyway to customize Windows explorer or GPO such that "Everyone" can never get selected?
We have too many requests from users to share out a folder on their laptops & we don't want to completely
disable them from doing the Sharing otherwise users will be raising SRs for us to do it which is overwhelming
We have Win 7 mostly plus a few Win XP & Win 8
ShareDefaultPermEveryone.JPG
When setting Sharing permissions, Everyone must have Full Control. Then, granular control is set at the NTFS level.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
McKnife.
It works using this procedure:
Right-click folder.
Pick Sharing tab.
Pick Advanced Sharing
Set Share this Folder.
Pick Permissions
Give Everyone Full permissions.
OK to return to Properties dialog.
In Security, add desired group, giving Read-only permissions.
It works using this procedure:
Right-click folder.
Pick Sharing tab.
Pick Advanced Sharing
Set Share this Folder.
Pick Permissions
Give Everyone Full permissions.
OK to return to Properties dialog.
In Security, add desired group, giving Read-only permissions.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> NVIT, please, that is not correct. The best practice is to set share permissions to everyone:modify for writable share or to everyone:read for read-only shares and then use NTFS permissions.
I tried it once with Share perms=Full. Then once with share perms=Change. With perms=Change, users can't modify the security permissions.
I stand corrected. Thanks, McKnife.
Now thinking about setups I've done in the past... 8-o
I tried it once with Share perms=Full. Then once with share perms=Change. With perms=Change, users can't modify the security permissions.
I stand corrected. Thanks, McKnife.
Now thinking about setups I've done in the past... 8-o
ASKER
Phew, can't believe that "Everyone" needs to be granted at least Read access for a share to be accessible.
So it's the files in the folder that should be granted Read access to Everyone, right?
So it's the files in the folder that should be granted Read access to Everyone, right?
In the share permissions, grant at least read access to everyone. But in the NTFS permissions, everyone should not be used. That is admin's 101, did you never do that?
ASKER
I'm no Wintel admin; just know Unix "chmod" & "chown" & some setacl in Solaris:
any links to elaborate on NTFS permissions to a newbie?
any links to elaborate on NTFS permissions to a newbie?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can say that twice!
But what's more important: It shows that people don't test their setups but trust Microsoft to do it right.
But what's more important: It shows that people don't test their setups but trust Microsoft to do it right.
ASKER
So icacls command deals with NTFS (ie folder/files) permission and not shares permission,
is this right?
is this right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER