When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.

Presentation transcript:

Slide 1: Combining Shared Folder and NTFS Permissions

When you combine NTFS permissions and share permissions, the most restrictive effective permission applies. For example, if you share a folder and assign the share permission Read to Everyone and the NTFS permission Full Control to Everyone, users connecting through the network will have Read permission. When a file is accessed locally, only NTFS permissions apply.

Slide 2: Calculating Effective Permissions

Both share and NTFS permissions are cumulative.

Cumulative permissions: permissions are combined when a user is not explicitly denied access.

A user's effective permissions for a resource are the sum of the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs. For example, if a user has Read permission for a folder and is a member of a group with Write permission for the same folder, the user’s cumulative permissions are both Read and Write.

Slide 3: Calculating Effective Permissions

To calculate effective permissions when combining share permissions and NTFS permissions:

1. Determine the effective NTFS permissions.
2. Determine the effective share permissions.
3. Take the most restrictive of the two.

Slide 4: Sample Calculation

You share a folder on your computer and you assign the share permission Change to Everyone. John, a user from the Sales Department, has been granted Full Control NTFS permissions to the folder. John is a member of the Sales group, which has been assigned the Read NTFS permission. What are John’s effective permissions when connecting to the share from across the network?

Share Permissions of PublicApps
- Everyone: Change

NTFS Permissions of PublicApps
- John: Full Control
- Sales: Read

Slide 5: Sample Calculation

- John’s effective NTFS permissions: Full Control
- John’s effective share permissions: Change
- Most restrictive of the two: Change

Share Permissions of PublicApps
- Everyone: Change

NTFS Permissions of PublicApps
- John: Full Control
- Sales: Read
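The three-step calculation above, worked in Python as an added example (not part of the original slides). The four-right model, the mapping of named levels to rights and the function names are simplifying assumptions, and the Deny handling ignores inheritance order.

```python
from enum import IntFlag

class Right(IntFlag):
    READ = 1      # read files, list folders, run programs
    WRITE = 2     # create and change content
    DELETE = 4    # delete files and subfolders
    ADMIN = 8     # change permissions, take ownership

ALL = Right.READ | Right.WRITE | Right.DELETE | Right.ADMIN
# Simplified mapping of the named levels to rights (assumption of this model).
SHARE = {"Read": Right.READ, "Change": ALL & ~Right.ADMIN, "Full Control": ALL}
NTFS = {"Read": Right.READ, "Write": Right.WRITE,
        "Modify": ALL & ~Right.ADMIN, "Full Control": ALL}

def cumulative(acl, levels, principals):
    """Steps 1 and 2: union the Allow entries that match the user or any of
    the user's groups, then remove anything an explicit Deny covers."""
    allowed, denied = Right(0), Right(0)
    for who, kind, level in acl:          # entry = (principal, allow|deny, level)
        if who not in principals:
            continue
        if kind == "deny":
            denied |= levels[level]
        else:
            allowed |= levels[level]
    return allowed & ~denied

def network_access(share_acl, ntfs_acl, principals):
    """Step 3: over the network, only rights granted by both lists survive."""
    return (cumulative(share_acl, SHARE, principals)
            & cumulative(ntfs_acl, NTFS, principals))

def local_access(ntfs_acl, principals):
    """Local access: share permissions are not consulted."""
    return cumulative(ntfs_acl, NTFS, principals)

# Constructed data: the PublicApps sample from the slides.
JOHN = {"John", "Sales", "Everyone"}
PUBLICAPPS_SHARE = [("Everyone", "allow", "Change")]
PUBLICAPPS_NTFS = [("John", "allow", "Full Control"), ("Sales", "allow", "Read")]

if __name__ == "__main__":
    print("network:", network_access(PUBLICAPPS_SHARE, PUBLICAPPS_NTFS, JOHN))
    print("local:  ", local_access(PUBLICAPPS_NTFS, JOHN))
```

The gap between the two results is the point to audit: a permissive NTFS list behind a restrictive share is only restricted for network access.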

Slide 6: Rules to Remember

- If you or a group you belong to is on both the share permissions access control list (ACL) and the NTFS ACL, you can browse into the share.
- If you or a group you belong to is on only the share ACL, you cannot browse in, but if you have rights to folders beneath the shared folder, you can access them using a UNC path.
- If you or a group you belong to is on only the NTFS ACL, you cannot browse into the share and you cannot access any folders beneath the share, even if you have rights to them.

Slide 7: A Suggested Security Assignment for PUBLIC APPLICATION FOLDERS

Permissions assigned here assume that all users in the domain should be able to run programs that exist in any of the share’s subfolders.

Share Permissions
- Everyone: Full Control

NTFS Permissions (PublicApps)
- Administrators: Full Control
- Users: Read & Execute; List Folder Contents; Read

If the PublicApps folder is created at the root of the drive and Microsoft’s default NTFS permissions haven’t been changed at the root, you can use the default NTFS permissions.

Slide 8: A Suggested Security Assignment for PUBLIC APPLICATION FOLDERS

Permissions assigned here assume that all users in the domain should be able to run programs that exist in any of the share’s subfolders.

Share Permissions
- Users: Read
- Administrators: Full Control

NTFS Permissions (PublicApps)
- Administrators: Full Control
- Users: Read and Execute; List Folder Contents; Read

If the PublicApps folder is created at the root of the drive and Microsoft’s default NTFS permissions haven’t been changed at the root, you can use the default NTFS permissions.

Slide 9: A Suggested Security Assignment for PUBLIC DATA FOLDERS

Permissions assigned here assume that all users are able to add to, delete from and change the contents of files in the shared folder area. Users should not, however, be able to change permissions on a file or folder, nor should they be able to take ownership of a file or folder.

Share Permissions
- Everyone: Full Control

NTFS Permissions (PublicData)
- Administrators: Full Control
- Users: everything but Full Control

Slide 10: A Suggested Security Assignment for PUBLIC DATA FOLDERS

Permissions assigned here assume that all users are able to add to, delete from and change the contents of files in the shared folder area. Users should not, however, be able to change permissions on a file or folder, nor should they be able to take ownership of a file or folder.

Share Permissions
- Administrators: Full Control
- Users: Change

NTFS Permissions (PublicData)
- Administrators: Full Control
- Users: everything but Full Control

Slide 11: A Suggested Security Assignment for PRIVATE APPLICATION FOLDERS

Permissions assigned here assume that users in each department should only have access to their department’s applications (i.e., Accounting can only access Accounting; Sales can only access Sales, etc.).

Share Permissions
- Everyone: Full Control

NTFS Permissions (PrivateApps)
- Administrators: Full Control
- Remove inheritance from above (do not allow inheritable permissions from this object’s parent). After removing the inheritance, make sure Administrators have Full Control applied to "This folder, subfolders and files".

NTFS Permissions (each subfolder)
- Administrators should already be assigned Full Control because of inheritance.
- Assign each group the following permissions to their department’s respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.): Read and Execute; List Folder Contents; Read.
- Users in each department will have to access their respective folder via the UNC path.

Slide 12: A Suggested Security Assignment for PRIVATE APPLICATION FOLDERS

Permissions assigned here assume that users in each department should only have access to their department’s applications (i.e., Accounting can only access Accounting; Sales can only access Sales, etc.).

Share Permissions
- Everyone: Full Control

NTFS Permissions (PrivateApps)
- Administrators: Full Control
- Users: Read and Execute; List Folder Contents; Read

If the PrivateApps folder is created at the root of the drive and Microsoft’s default NTFS permissions haven’t been changed at the root, you can use the default NTFS permissions.

NTFS Permissions (each subfolder)
- Remove inheritance from above (do not allow inheritable permissions from this object’s parent). After removing the inheritance, make sure Administrators have Full Control applied to "This folder, subfolders and files".
- Assign each group the following permissions to their department’s respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.): Read and Execute; List Folder Contents; Read.

Slide 13: A Suggested Security Assignment for PRIVATE DATA FOLDERS

Permissions assigned here assume that users in each department should only have access to their department’s data. Users in each department should be able to add to, delete from and change the contents of files in their department’s folder.

Share Permissions
- Everyone: Full Control

NTFS Permissions (PrivateData)
- Administrators: Full Control
- Remove inheritance from above (do not allow inheritable permissions from this object’s parent). After removing the inheritance, make sure Administrators have Full Control applied to "This folder, subfolders and files".

NTFS Permissions (each subfolder)
- Administrators should already be assigned Full Control because of inheritance.
- Assign each group everything but Full Control to their respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.).
- Users in each department will have to access their respective folder via the UNC path.

Slide 14: A Suggested Security Assignment for PRIVATE DATA FOLDERS

Permissions assigned here assume that users in each department should only have access to their department’s data. Users in each department should be able to add to, delete from and change the contents of files in their department’s folder.

Share Permissions
- Everyone: Full Control

NTFS Permissions (PrivateData)
- Administrators: Full Control
- Users: Read and Execute; List Folder Contents; Read

If the PrivateData folder is created at the root of the drive and Microsoft’s default NTFS permissions haven’t been changed at the root, you can use the default NTFS permissions.

NTFS Permissions (each subfolder)
- Remove inheritance from above (do not allow inheritable permissions from this object’s parent). After removing the inheritance, make sure Administrators have Full Control applied to "This folder, subfolders and files".
- Assign each group everything but Full Control to their department’s respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.).