Solved

Windows Share permissons vs NTFS permissions

Posted on 2016-09-13
8
53 Views
Last Modified: 2016-09-13
I am setting up a remote virtual directory.  The share has it's own permissions and I added all the users I want to access the share through the share permissons.  The NTFS folder on the PC also has a security permissions.

To access the share does the NTFS folder and the Share permission folder have to have the same users? It seems they do not but I was not sure.  I thought the NTFS security controlled the local access to the PC while the share permissions control the access through the network.  Can someone clarify for me to be sure I got this correct?
0
Comment
Question by:kdschool
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 87

Expert Comment

by:rindi
ID: 41796075
The share permissions are only very basic, and just giving all permissions on that level is best practice.

NTFS security is much more granular, and this is where you should say which group is allowed to do what. Always use groups rather than single User accounts. It is much easier to add or remove users to or from a group, rather than to go to every folder and adapt the permissions if users change.
0
 

Author Comment

by:kdschool
ID: 41796098
so if I give permissions on the share then those folks can access the file through the network?
0
 
LVL 87

Expert Comment

by:rindi
ID: 41796116
If the NTFS permissions allow them to, yes.
0
 

Author Comment

by:kdschool
ID: 41796121
So they need both the NTFS permissions and permission on the share to access the files?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 87

Accepted Solution

by:
rindi earned 500 total points
ID: 41796140
Yes.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41796272
Correction: Best practice is to set share permissions to everyone:modify, not full! Very important.
0
 
LVL 23

Expert Comment

by:NVIT
ID: 41796344
Supporting info on why
you should use Read/Write or Modify for Shares....
https://www.experts-exchange.com/questions/28955946/customize-Windows-explorer-such-that-Everyone-can't-get-selected-when-users-do-folder-sharing.html#a41694951, where I mistakenly believed Everyone must have Full Control for the Share and granular control at the NTFS (Security) level.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41796410
Thanks, NVIT.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now