?
Solved

Windows Share permissons vs NTFS permissions

Posted on 2016-09-13
8
Medium Priority
?
82 Views
Last Modified: 2016-09-13
I am setting up a remote virtual directory.  The share has it's own permissions and I added all the users I want to access the share through the share permissons.  The NTFS folder on the PC also has a security permissions.

To access the share does the NTFS folder and the Share permission folder have to have the same users? It seems they do not but I was not sure.  I thought the NTFS security controlled the local access to the PC while the share permissions control the access through the network.  Can someone clarify for me to be sure I got this correct?
0
Comment
Question by:kdschool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 41796075
The share permissions are only very basic, and just giving all permissions on that level is best practice.

NTFS security is much more granular, and this is where you should say which group is allowed to do what. Always use groups rather than single User accounts. It is much easier to add or remove users to or from a group, rather than to go to every folder and adapt the permissions if users change.
0
 

Author Comment

by:kdschool
ID: 41796098
so if I give permissions on the share then those folks can access the file through the network?
0
 
LVL 88

Expert Comment

by:rindi
ID: 41796116
If the NTFS permissions allow them to, yes.
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 

Author Comment

by:kdschool
ID: 41796121
So they need both the NTFS permissions and permission on the share to access the files?
0
 
LVL 88

Accepted Solution

by:
rindi earned 2000 total points
ID: 41796140
Yes.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41796272
Correction: Best practice is to set share permissions to everyone:modify, not full! Very important.
0
 
LVL 25

Expert Comment

by:NVIT
ID: 41796344
Supporting info on why
you should use Read/Write or Modify for Shares....
https://www.experts-exchange.com/questions/28955946/customize-Windows-explorer-such-that-Everyone-can't-get-selected-when-users-do-folder-sharing.html#a41694951, where I mistakenly believed Everyone must have Full Control for the Share and granular control at the NTFS (Security) level.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41796410
Thanks, NVIT.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question