Combining Shared Folder and NTFS Permissions



Similar documents
SHARING FILE SYSTEM RESOURCES

9 Administering Shared Folders

CIFS Permissions Best Practices Nasuni Corporation Natick, MA

File systems security: Shared folders & NTFS permissions, EFS Disk Quotas

Contacts: , find, and manage your contacts

Backup and Restore with 3 rd Party Applications

WHAT S NEW 4.5. FileAudit VERSION.

Subversion Server for Windows

Objectives. At the end of this chapter students should be able to:

Security Explorer 9.5. User Guide

SharePoint 2010 Permissions Management Guide

PaperStream Connect. Setup Guide. Version Copyright Fujitsu

DeviceLock Management via Group Policy

Creating and Managing Shared Folders

Security Guidelines for MapInfo Discovery 1.1

NTFS permissions represent a core part of Windows s security system. Using

Document Management. For Microsoft Dynamics CRM 2013

Administering Active Directory. Administering Active Directory. Reading. Review: Organizational Units. Review: Domains. Review: Domain Trees

Microsoft FTP Configuration Guide for Helm 4

Exporting s from Outlook Version 1.00

DeviceLock Management via Group Policy

Microsoft Office 365 online archive features and FAQs

FTP Service Reference

Using the Local Document Organizer in ProjectWise

Office of Information Technologies (OIT) Network File Shares

Outlook Connector. Version 2 User Manual. client-side plugin. Collaborate Using Outlook. Version 2.0.0

Lab 5 Managing Access to Shared Folders

Acclipse Document Manager Integrating Outlook Contacts

Windows XP Managing Your Files

WHITE PAPER. Understanding Windows & UNIX File Permissions on GuardianOS

Windows Enterprise OU Administrator Procedures Creating a Departmental Domain DFSN Root Windows Server 2008

Setting up Dynamicweb for Load Balancing with Microsoft ARR for IIS8

Installing GS Analyze version 8.5

Lesson 14: Configuring File and Folder Access. MOAC : Configuring Windows 8.1

SharePoint. Site Owner s Manual. Please send feedback or suggestions for updates to the following address IT.Training@lse.ac.

TROUBLESHOOTING INFORMATION

SellerDeck. IIS6 Setup Guide. Detailing the setup Windows 2003 (IIS6) Server

Using NFS v4 ACLs with Samba in a multiprotocol environment

Legal and Copyright Notice

Contents. Using Web Access Managing Shared Folders Managing Account Settings Index... 39

How to Archive Items Manually (Outlook) How to Manually Archive Mail in Outlook [2014]

Exchange Account (Outlook) Mail Cleanup

FOR SYSTEM ADMINISTRATORS AND USERS. August 2012 Version 2

Backing up Microsoft Outlook For the PC Using MS Outlook 2000 Keith Roberts

Archiving Your Mail in Outlook 2007

Prerequisites Guide. Version 4.0, Rev. 1

These guidelines can dramatically improve logon and startup performance.

Access your account by clicking the link on the navigation bar. The first page you see is the Message List.

In the same spirit, our QuickBooks 2008 Software Installation Guide has been completely revised as well.

Archiving Your Mail in Outlook 2010

Chapter 1 Scenario 1: Acme Corporation

To install the SMTP service:

Reducing the Size of Your Outlook 2003 Calendar

3. Viewing and Restoring Items and Files from the Mimosa Archive

ADOBE FLASH PLAYER Local Settings Manager

User Guide. Version 3.2. Copyright Snow Software AB. All rights reserved.

Coveo Platform 7.0. Microsoft Dynamics CRM Connector Guide

Sentral servers provide a wide range of services to school networks.

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Common Internet File Sharing (CIFS) How-To

Using Group Policy to Manage and Enforce ACL on VNX for File P/N REV A01 February 2011

Getting started with 2c8 plugin for Microsoft Sharepoint Server 2010

Enterprise Vault Whitepaper Configuring a NAS device as Enterprise Vault storage

How to Archive in Outlook 2010

NetWrix File Server Change Reporter. Quick Start Guide

1. Digital Asset Management User Guide Digital Asset Management Concepts Working with digital assets Importing assets in

Technical Bulletin. SQL Express Backup Utility

FTP Service Reference

NETWRIX FILE SERVER CHANGE REPORTER

Team Helpdesk for Outlook Managerial Installation and Configuration

SharePoint 2013 Permissions Guide

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Wavecrest Certificate

ing a large amount of recipients

REDUCING YOUR MICROSOFT OUTLOOK MAILBOX SIZE

Quick Start Articles provide fast answers to frequently asked questions. Quick Start Article

Group Policy 21/05/2013

Making the Most of Files & Folders. Schoolwires Centricity2

Z-Term V4 Administration Guide

Migration Strategies and Tools for the HP Print Server Appliance

In this tutorial I will be uploading multiple images to my ftp folder on my ktools site, and then add them using manager.

Moving PCLaw Data to Another Location (For LexisNexis PCLaw TM version 8.20 and higher)

This section discusses the protocols available for volumes on Nasuni Filers.

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Creating Folders and Organizing Your

LEARNING RESOURCE CENTRE GUIDE TO OFFICE 365

Exporting Contact Information

Creating a Shared Network Installation

Configuring Security Features of Session Recording

Migrating Your Windows File Server to a CTERA Cloud Gateway. Cloud Attached Storage. February 2015 Version 4.1

Understanding NTFS Hard Links, Junctions and Symbolic Links

Table of Contents. OpenDrive Drive 2. Installation 4 Standard Installation Unattended Installation

Transcription:

Combining Shared Folder and When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign the share permission READ to EVERYONE and assign FULL CONTROL NTFS permissions to Everyone, users connecting through the network will have Read permissions. When accessing a file locally, only NTFS permissions apply 1 Calculating Effective Permissions Both Share and are Cumulative Cumulative permissions: Permissions are combined when a user is not explicitly denied access A user's effective permissions for a resource are the sum of the NTFS permissions that you assign to the individua l user account and to all of the groups to which the user belongs. i.e. If a user has Read permissions for a folder and is a member of a group with write permissions for the same folder, the user s cumulative permissions are both Read and Write 2 1

Calculating Effective Permissions To calculate effective permissions when combining share permissions and NTFS 1. Determine the effective NTFS permissions 2. Determine the effective share permissions 3. Take the most restrictive of the two. 3 Sample Calculation of PublicApps Everyone Change of PublicApps John: Full Control Sales: Read You share a folder on your computer and you assign the share permission Change to Everyone. John, a user from the Sales Department, has been granted Full Control NTFS permissions to the folder. John is a member of the Sales Group, which has been assigned the READ NTFS permission. What are John s effective permissions when connecting to the share from across the network? 4 2

Sample Calculation of PublicApps Everyone Change of PublicApps John: Full Control Sales: Read John s Effective : Full Control John s Effective : Change Most Restrictive of the two: Change 5 Rules to Remember If you or a group you belong to is on both the share permissions access control list (ACL) and the NTFS ACL, you can browse into the share If you or a group you belong to is on only the share ACL, you cannot browse in but, if you have rights to folders beneath the shared folder you can access them using a UNC path. If you or a group you belong to are only on the NTFS ACL, you cannot browse into the share and you cannot access any folders beneath the share, even if you have rights to them. 6 3

PUBLIC APPLICATION FOLDERS Permissions assigned here assume that all users in the domain should be able to run programs that exist in any of the share s subfolders. PublicApps: Administrators Full Control Users Read & Execute; List Folder Contents; Read If the PublicApps folder is created at the root of the drive and Microsoft s default NTFS permissions haven t been changed at the root, you can use the default NTFS permissions. 7 PUBLIC APPLICATION FOLDERS Permissions assigned here assume that all users in the domain should be able to run programs that exist in any of the share s subfolders. Users Read Administrators Full Control PublicApps: Administrators Full Control Users: Read and Execute List Folder Contents Read If the PublicApps folder is created at the root of the drive and Microsoft s default NTFS permissions haven t been changed at the root, you can use the default NTFS permissions. 8 4

PUBLIC DATA FOLDERS Permissions assigned here assume that all users are able to add to, delete from and change the contents of files in the shared folder area. Users should not however be able to change permissions on a file or folder nor should they be able to take ownership of a file or folder. PublicData: Administrators Full Control Users everything but Full Control 9 PUBLIC DATA FOLDERS Permissions assigned here assume that all users are able to add to, delete from and change the contents of files in the shared folder area. Users should not however be able to change permissions on a file or folder nor should they be able to take ownership of a file or folder. Administrators Full Control Users Change PublicData: Administrators Full Control Users everything but Full Control 10 5

PRIVATE APPLICATION FOLDERS access to their department s applications. (i.e., Accounting can only access Accounting; Sales can only access Sales, etc.) Everyone Full Control PrivateApps: Administrators Full Control Remove Inheritance from above (do not allow inheritable permissions from this object s parent) After removing the inheritance make sure Administrators have full control applied to This folder, subfolders and files. Administrators should already be assigned full control because of inheritance Assign each group the following permissions to their department s respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.) (users in each department will have to access their respective folder via the UNC path) Read and Execute, List Folder Contents Read 11 PRIVATE APPLICATION FOLDERS access to their department s applications. (i.e., Accounting can only access Accounting; Sales can only access Sales, etc.) Everyone Full Control PrivateApps: Administrators Full Control Users Read and Execute, List Folder Contents, Read If the PrivateApps folder is created at the root of the drive and Microsoft s default NTFS permissions haven t been changed at the root, you can use the default NTFS permissions. Remove Inheritance from above (do not allow inheritable permissions from this object s parent) After removing the inheritance make sure Administrators have full control applied to This folder, subfolders and files. Assign each group the following permissions to their department s respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.) Read and Execute, List Folder Contents Read 12 6

PRIVATE DATA FOLDERS access to their department s data. Users in each department should be able to add to, delete from and change the contents of files in their department s folder. PrivateData: Administrators Full Control Remove Inheritance from above (do not allow inheritable permissions from this object s parent) After removing the inheritance make sure Administrators have full control applied to This folder, subfolders and files. Administrators should already be assigned full control because of inheritance Assign each group everything but Full Control to their respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.) (users in each department will have to access their respective folder via the UNC path) 13 PRIVATE DATA FOLDERS access to their department s data. Users in each department should be able to add to, delete from and change the contents of files in their department s folder. PrivateData: Administrators Full Control Users Read and Execute, List Folder Contents, Read If the PrivateData folder is created at the root of the drive and Microsoft s default NTFS permissions haven t been changed at the root, you can use the default NTFS permissions. Remove Inheritance from above (do not allow inheritable permissions from this object s parent) After removing the inheritance make sure Administrators have full control applied to This folder, subfolders and files. Assign each group everything but Full Control to their department s respective folder (i.e., Sales group to the Sales folder; Marketing group to the Marketing folder, etc.) 14 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information