Windows Permissions Question
Results 1 to 7 of 7

Thread: Windows Permissions Question

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    199

    Windows Permissions Question

    Hi there,

    I'm probably being stupid but does anyone know the difference between the permissions for a "share" for directory A and the permissions set on a directory A in a Windows environment?
    That is the permissions set in the "sharing" tab and the permissions in the "security" tab.


    Thanks in advance for any ideas

    -

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm not sure there is a difference...

    What symptoms are you experiencing?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Posts
    199
    Thanks for the fast reply.

    I'm not having any direct problems. It was on a worksheet i had to do in an internet services admin module earlier today and it had some questions throughout to make you think, but i just could not work that one out. I asked the guy running it and he could not remember.

    :S

    As far as i can think if you let a user or a group have access to the directory on the server then all the "share" permissions can do is act as another filter that can allow remote only filtering of who can do what. But that is only a guess.
    -

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Anyone who knows please feel free to jump in and correct me...

    It's an NTFS files system I'm assuming....

    As such the persmissions and rights are set at the filesystem level... whether the folder is shared or unshared. You apply permissions based on "known" users, (yes, there's Anonymous etc.), but the permissions are based on the authentication granted by the local computer or the domain, (excluding Anon etc.), so they shouldn't differ...

    That's my thoughts on the issue... I'm fairly sure I am right... But the first sentence applies...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    I would say that these are two different access control mechanisms -
    one for shared resources, one for the NTFS file system.

    "You can control access to shared resources with a variety of methods.
    You can use share permissions, which are simple to apply and manage.
    Or, you can use access control on the NTFS file system, which provides
    more detailed control of the shared resource and its contents."[1]

    and most importantly:

    "You can also use a combination of these methods. If you use a combination
    of these methods, the more restrictive permission always applies"


    So, I suggest you to play with it to get a feeling. Two typical scenarios:


    a) Share is full access for Everyone; NTFS file system says: read only (except Administrator).
    b) Share is read access for Everyone; NTFS file system says: full access for Everyone.


    In both cases, connected as non-Administrator, you will be able to read only.
    In anycase, I would prefer Scenario a): never trust share permission, set the
    correct permissions on the file system.

    Cheers

    [1] http://technet2.microsoft.com/Window...29e5e1033.mspx
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  6. #6
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    In a Windows network environment, the file and folder permissions (ACLs) are part of the file system (NTFS). In NTFS you can set permissions to a user or a group and it goes down to the file level and does not go up to the drive level. In the share permissions, this is a network access setting and provides another layer of access to the drive and folder level security. It doesn't go down to the file level, per se, but files inherit the share permissions of the parent folder (container).

    How 'bout them apples?

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    You have to understand... I was talking about "per_s_missions" as oppsed to "permissions"... I hate typo's... LOL
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •