kdschool
asked on
Windows Share permissons vs NTFS permissions
I am setting up a remote virtual directory. The share has it's own permissions and I added all the users I want to access the share through the share permissons. The NTFS folder on the PC also has a security permissions.
To access the share does the NTFS folder and the Share permission folder have to have the same users? It seems they do not but I was not sure. I thought the NTFS security controlled the local access to the PC while the share permissions control the access through the network. Can someone clarify for me to be sure I got this correct?
To access the share does the NTFS folder and the Share permission folder have to have the same users? It seems they do not but I was not sure. I thought the NTFS security controlled the local access to the PC while the share permissions control the access through the network. Can someone clarify for me to be sure I got this correct?
ASKER
so if I give permissions on the share then those folks can access the file through the network?
If the NTFS permissions allow them to, yes.
ASKER
So they need both the NTFS permissions and permission on the share to access the files?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Correction: Best practice is to set share permissions to everyone:modify, not full! Very important.
Supporting info on why
you should use Read/Write or Modify for Shares....
https://www.experts-exchange.com/questions/28955946/customize-Windows-explorer-such-that-Everyone-can't-get-selected-when-users-do-folder-sharing.html?anchorAnswerId=41694951#a41694951, where I mistakenly believed Everyone must have Full Control for the Share and granular control at the NTFS (Security) level.
you should use Read/Write or Modify for Shares....
https://www.experts-exchange.com/questions/28955946/customize-Windows-explorer-such-that-Everyone-can't-get-selected-when-users-do-folder-sharing.html?anchorAnswerId=41694951#a41694951, where I mistakenly believed Everyone must have Full Control for the Share and granular control at the NTFS (Security) level.
Thanks, NVIT.
NTFS security is much more granular, and this is where you should say which group is allowed to do what. Always use groups rather than single User accounts. It is much easier to add or remove users to or from a group, rather than to go to every folder and adapt the permissions if users change.