Solved

Windows Share permissons vs NTFS permissions

Posted on 2016-09-13
8
64 Views
Last Modified: 2016-09-13
I am setting up a remote virtual directory.  The share has it's own permissions and I added all the users I want to access the share through the share permissons.  The NTFS folder on the PC also has a security permissions.

To access the share does the NTFS folder and the Share permission folder have to have the same users? It seems they do not but I was not sure.  I thought the NTFS security controlled the local access to the PC while the share permissions control the access through the network.  Can someone clarify for me to be sure I got this correct?
0
Comment
Question by:kdschool
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 41796075
The share permissions are only very basic, and just giving all permissions on that level is best practice.

NTFS security is much more granular, and this is where you should say which group is allowed to do what. Always use groups rather than single User accounts. It is much easier to add or remove users to or from a group, rather than to go to every folder and adapt the permissions if users change.
0
 

Author Comment

by:kdschool
ID: 41796098
so if I give permissions on the share then those folks can access the file through the network?
0
 
LVL 88

Expert Comment

by:rindi
ID: 41796116
If the NTFS permissions allow them to, yes.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:kdschool
ID: 41796121
So they need both the NTFS permissions and permission on the share to access the files?
0
 
LVL 88

Accepted Solution

by:
rindi earned 500 total points
ID: 41796140
Yes.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41796272
Correction: Best practice is to set share permissions to everyone:modify, not full! Very important.
0
 
LVL 24

Expert Comment

by:NVIT
ID: 41796344
Supporting info on why
you should use Read/Write or Modify for Shares....
https://www.experts-exchange.com/questions/28955946/customize-Windows-explorer-such-that-Everyone-can't-get-selected-when-users-do-folder-sharing.html#a41694951, where I mistakenly believed Everyone must have Full Control for the Share and granular control at the NTFS (Security) level.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41796410
Thanks, NVIT.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question