Link to home
Get AccessLog in
Avatar of kdschool
kdschool

asked on

Windows Share permissons vs NTFS permissions

I am setting up a remote virtual directory.  The share has it's own permissions and I added all the users I want to access the share through the share permissons.  The NTFS folder on the PC also has a security permissions.

To access the share does the NTFS folder and the Share permission folder have to have the same users? It seems they do not but I was not sure.  I thought the NTFS security controlled the local access to the PC while the share permissions control the access through the network.  Can someone clarify for me to be sure I got this correct?
Avatar of rindi
rindi
Flag of Switzerland image

The share permissions are only very basic, and just giving all permissions on that level is best practice.

NTFS security is much more granular, and this is where you should say which group is allowed to do what. Always use groups rather than single User accounts. It is much easier to add or remove users to or from a group, rather than to go to every folder and adapt the permissions if users change.
Avatar of kdschool
kdschool

ASKER

so if I give permissions on the share then those folks can access the file through the network?
If the NTFS permissions allow them to, yes.
So they need both the NTFS permissions and permission on the share to access the files?
ASKER CERTIFIED SOLUTION
Avatar of rindi
rindi
Flag of Switzerland image

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Correction: Best practice is to set share permissions to everyone:modify, not full! Very important.
Supporting info on why
you should use Read/Write or Modify for Shares....
https://www.experts-exchange.com/questions/28955946/customize-Windows-explorer-such-that-Everyone-can't-get-selected-when-users-do-folder-sharing.html?anchorAnswerId=41694951#a41694951, where I mistakenly believed Everyone must have Full Control for the Share and granular control at the NTFS (Security) level.
Thanks, NVIT.