hypercube
asked on
Nonuniform Share permissions across files and folders of a Windows 10 drive
I've been trying to apply uniform Share permissions across the files and folders of an entire drive in a domain-joined Windows 10 Pro workstation.
I can take the steps but the results look strange.
(I've run sfc and DISM just lately on the host).
If I look at the Share permissions, they vary across the folders.
I did re-propogate the Security permissions just in case that it would have some effect. Wishful thinking...
I've not yet tried logging into different users on the host to see if there are differences.
When I look at properties over the network, I don't see a Sharing tab at all......
I can take the steps but the results look strange.
(I've run sfc and DISM just lately on the host).
If I look at the Share permissions, they vary across the folders.
I did re-propogate the Security permissions just in case that it would have some effect. Wishful thinking...
I've not yet tried logging into different users on the host to see if there are differences.
When I look at properties over the network, I don't see a Sharing tab at all......
You cannot see share permissions remotely via Windows Explorer. Shares are managed remotely via the Computer Management MMC snap-in.
ASKER
kevinhsieh: Thank you!
Yes, I do know the two kinds of permissions (or thought I did!) and am digging into those types a bit deeper.
If I might ask:
Otherwise, we would have a folder shared FULL with this User residing within a folder with NONE or READ or....
Right?
I do understand "the most restrictive applies between Share and NTFS permissions".
I feel like I'm missing something fundamental.
Yes, I understand the initial model idea. I'm trying to use it throughout - when it makes sense to change things.
But, I've been working on a case where I want to switch permissions quickly (avoiding long times for propagation of inheritance) and the Share permissions were recommended for that purpose. So, I was treating it as a "special case".
I posted this question mostly about Share permissions as seen at the host.
Yes, I do know the two kinds of permissions (or thought I did!) and am digging into those types a bit deeper.
If I might ask:
The first is the share permissions, which apply to everything in the entire share.This seems to be at odds with what I observed on the local host:
If I look at the Share permissions, they vary across the folders.What I found came as quite a surprise. So I'm trying to understand. As I understand your comment on this, it should not be that way - which is what I also thought!
even if you are an administrator or have full control on a sub folderThis was in the context of Share permissions. Still, I assumed you meant:
even if you are an administrator or have NTFS full control on a sub folder... because, if not NTFS, this suggests non-uniform Share permissions. ???
Otherwise, we would have a folder shared FULL with this User residing within a folder with NONE or READ or....
Right?
I do understand "the most restrictive applies between Share and NTFS permissions".
I feel like I'm missing something fundamental.
Yes, I understand the initial model idea. I'm trying to use it throughout - when it makes sense to change things.
But, I've been working on a case where I want to switch permissions quickly (avoiding long times for propagation of inheritance) and the Share permissions were recommended for that purpose. So, I was treating it as a "special case".
I posted this question mostly about Share permissions as seen at the host.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Kevin!
The second set of permissions is NTFS, which you should be familiar with. NTFS permissions are granular and can vary per folder and even per file.
I continue to follow the initial model for setting permissions first laid out with Windows NT. Give EVERYONE full control permissions on the share, and put the real controls on the files and folders using NTFS. The effective permissions over the network is the intersection of permissions allowed through the share and the NTFS. By making the share permissions the least restrictive possible, it reduces the challenge of setting proper controls to just getting the NTFS permissions correct.