WS 2003 Fileshare Permissions

Question

andybot 0 Newbie Poster

16 Years Ago

Greetz,

I'm facing slight confusion over permissions on a Fileserver running Windows Server 2003.

I've created a number of new shared folders and moved data across no problem.

The share permissions are set as 'everyone' having full control and since the most restrictive permissions are applied I've allocated individual NTFS permissions for read, write, modify etc.

all good until disaster strikes in the form of a basic user being able to access confidential info in a share locked down as described above. they were not added to the NTFS access control list so presumably should have been denied entry to the folder.....

I guess the crux of my query is...if a user does not have any permissions applied through NTFS and the share permissions are set as everyone : full control, then by default will people have full control or no access?? :confused:

thanks in advance like.

andy.

windows-nt-2000-xp

2 Contributors
2 Replies
88 Views
20 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by andybot

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Bob_180_Bob 41 Posting Virtuoso · Answer 1 · 2008-08-11T06:24:05+00:00

You have set permission for everyone to access everything and then set special permision for some people to access some things. Now everyone can access everything and some people can access everything plus they can also access the files you have set for them that you have already given them permission to access.

andybot 0 Newbie Poster · Answer 2 · 2008-08-11T20:39:22+00:00

hmmmm i'm sure i've read it's best practice to give everyone full access using share permissions and restrict using NTFS (because these permissions take affect both locally and over the network.)

if i'm doing this then the only way i can lock down access further is by using the deny attribute in NTFS(?) which, as it overwrites all other permissions can't be used to lock down the everyone group. alternatively maybe i need to add 'everyone' as a entry in NTFS and remove all permissions???

i'm sure there must a (relatively) simple solution to this as really i'm just after the best practice method of locking down folders and opening up access to individual users using share and NTFS rights...

hope this makes sense and ta for the reply :icon_cool: