| Monzas 2002-05-27, 7:38 pm |
| Hi there everyone.. Can someone help me with this problem.. I am getting confused (and lately that does not take a lot, just studying towards the MCSE tends to do that) with the different permissions of sharing and NTFS.. Is there a way that I can remember what is for sharing, what is for NTFS and what are the permissions for the Server..
Then another thing.. these permissions and rights.. how do I tell them apart.. I know rights are for what a person can do..
Please help!!!!!!!!!!!!!! | |
|
| Don't worry you are not the only one !!
Rights: Ability to do something (logon, change system time), at User and Group level.
Permissions: Assigned to give access to resources like files, folders, printers, at Object level.
Hope it helps..good study
 | |
| mcdoud 2002-05-30, 12:39 pm |
| Don't forget:
Share permissions are only valid over the network. If you access the shared folder directly from the local machine, they do not apply! This could show up as a somewhat tricky test question.
Also, shared folder permissions combine with NTFS file/folder permissions to create an overall "permission" that is most permissive. BUT, there is one exception, and that is if there are any "Deny access". That automatically means NO ACCESS! It seems that this is a popular question!
Examples:
1. If share permissions are read while NTFS permission is full control, you get full control.
2. If share permissions are full control and NTFS permissions are deny access, you get deny access.
Correct me if I am wrong, anybody.
Hope this helps!
 | |
| secondskin 2002-06-02, 2:27 pm |
| Actually you have this statement a little wrong.
quote: 1. If share permissions are read while NTFS permission is full control, you get full control
It's actually the most restrictive permissions that prevail when combining NTFS permissions and Share permissions.
So if share are READ and NTFS are FULL the combined permissions will only give the Person READ. | |
| Zaraspook 2002-06-02, 3:54 pm |
| Share permissions can be calculated in the following way:
Calculate all Share permissions, which are cumulative except for deny. Remember the sum is the least restrictive permission except in the case of deny. Deny will always always override an allow.
Calculate all NTFS permissions, which are cumulative except for deny. Remember the sum is the least restrictive permission except in the case of deny. Deny, again, will always always override allow.
Finally, combine the calculated NTFS and Share permissions and the result is then the most restrictive permission.
Remember to always be very very careful before using a deny, as that one deny may come back to haunt you down the road because permissions, whether Share or NTFS, one more time, are cumulative.
Also, share permissions only apply if you access the resource over the network, whereas NTFS permissions apply when accessing resources both locally and over the network.
Therefore, a good method of applying permissions is to leave Share permissions wide open, that is everyone full control, and lock down your security using NTFS permissions only, since they apply if the resource is accessed over the network or via the local computer. NTFS permissions also have much finer granularity allowing for much more flexibility in setting permissions.
Hope this helps! Good luck!  | |
|
| I'm just going through this at the moment, and from what I gather, share permissions should only be used on a fat(32) drive, as the ntfs permissions control files/folders both locally and over the network, is this right?
Sorry to butt in here, but I think it's related to the original post, if not, please say so and I'll start a new thread. | |
| Shadowwraith 2002-06-03, 12:50 pm |
| Actually,
From what I understand, share permissions can be used regardless of whether it is a fat32 or ntfs partition. The share permissions come into account when you are accessing the share file or folder. If you are connecting over the network to the share folder then the permissions apply. If you are accessing the file from the local machine (i.e. the machine the share sits on) then they do not apply.
I have always found it easier IMHO to always set share permissions to full access and then do any restrictions through ntfs permissions. Hope this helps. If not let me know and I will try to elaborate. Have a wonderful day. | |
|
| hi,
Thanks for the reply, I know that share permissions can be used regardless of file system, and apply only over a network, sorry, I should have said so. The bit that is now sort of confusing me a bit is:
If I have a folder called "hello" on pc1 (ntfs) do the ntfs permissions apply locally AND over the network? I know (I think...) that if it was a fat/32 then the only permissions that could be applied would be the share permissions which only apply over the network. I thought I'd figured all this!!, the ntfs permissions I DO understand, but do they apply over a network also? I've had a play around here, and that seems to be the case, but I always thought ntfs and share permissions were totally different entities. | |
| Zaraspook 2002-06-04, 12:42 am |
| CALV:
As I pointed out in my earlier post, NTFS permissions do, indeed, apply both when accessing a resource locally and over the network, if the resource is on a drive formatted with the NTFS file system. Of course, if the drive is formatted FAT32 or FAT16, then all bets are off because you will not have the option of setting NTFS permissions and Share permissions will be the only permissions that will be available to lock down file and folder security, and again, they will only apply, in this case, when accessing the resource over the Network. Anyone accessing your files and folders locally will have unbridled free rein.
For this reason, when your file system is formatted with NTFS, it is recommended that you leave share permissions wide open and use NTFS permissions alone to lock down your security. It not only simplifies file security management, but also allows for much more granularity and finer control when you are setting permissions on files or folders.  | |
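The calculation described in Zaraspook's two posts above, as an added example that is not part of the original thread: each layer is cumulative with Deny overriding, the share layer counts only over the network, and the most restrictive applicable layer wins. The ordered `Level` scale, the deny-everything `DENY` marker and the sample ACLs are assumptions made for illustration; Windows itself evaluates bitmask ACLs.

```python
from enum import IntEnum

class Level(IntEnum):
    # Simplified ordered scale (assumption); real ACLs are bitmasks of rights.
    NONE = 0
    READ = 1
    CHANGE = 2
    FULL = 3

DENY = "deny"  # an explicit Deny entry, modelled here as deny-everything

def cumulative(acl, principals):
    """One layer (share or NTFS): allows add up, any applicable Deny wins."""
    hits = [acl[p] for p in principals if p in acl]
    if DENY in hits:
        return Level.NONE
    return max(hits, default=Level.NONE)

def effective(share_acl, ntfs_acl, principals, over_network, ntfs_volume=True):
    """Most restrictive of the layers that actually apply to this access."""
    layers = []
    if over_network:   # share permissions are checked only for network access
        layers.append(cumulative(share_acl, principals))
    if ntfs_volume:    # NTFS permissions are checked locally and over the network
        layers.append(cumulative(ntfs_acl, principals))
    # Local access to a FAT volume has no layer at all: nothing restricts it.
    return min(layers, default=Level.FULL)

# Constructed sample data: alice is a member of Sales and Everyone.
ALICE = {"alice", "Sales", "Everyone"}
SHARE = {"Everyone": Level.READ, "Sales": Level.CHANGE}
NTFS = {"Sales": Level.FULL}
OPEN_SHARE = {"Everyone": Level.FULL}

def demo():
    return {
        "network": effective(SHARE, NTFS, ALICE, over_network=True),
        "local": effective(SHARE, NTFS, ALICE, over_network=False),
        "ntfs deny": effective(SHARE, {**NTFS, "alice": DENY}, ALICE, True),
        "fat local": effective(SHARE, {}, ALICE, False, ntfs_volume=False),
        "open share": effective(OPEN_SHARE, {"Sales": Level.READ}, ALICE, True),
    }

if __name__ == "__main__":
    for case, level in demo().items():
        print(f"{case:10} -> {level.name}")
```

The "fat local" case is the one to watch when auditing: with no NTFS layer and no network hop, nothing in this model restricts the access.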
| netnewsnow 2002-06-04, 11:42 am |
| I believe I understand where you are confused, it's in your separations of share and local permissions.
NTFS permissions will apply on the local machine, therefore, if you access the file through the network, you still need to access the local hard disk, where the permissions reside.
If I were to remove the hard disk and install it on another machine with another win2k, the permissions would remain, because it's the ntfs table that understands the rights, they're on the file itself.
If I have a shared folder, the security is in the registry, so if I access the drive directly, there is no share security simply because I am not accessing it from a shared standpoint.
You can understand the shared security better from 2 win98 stations.
Zaraspook gave you the best way to describe share permissions and ntfs permissions, read his post again. | |
|
| RIGHT!!!!
Gotya, thanks all |