Network Share Permissions

[ZipperHeadMan]

It's my understanding that when creating a network share you do the following:

Create a folder
Share it
Set the Share Permissions w/ Everyone group Full Control
Lock it down with NTFS permissions.(actually set the NTFS permissions first but....)
NTFS permissions provide further security (most restrictive takes precedence)

However, on the Microsoft web site they document you should set share permissions with the security groups you want to have access and than delete the Everyone group.
Than do the same on the NTFS permissions.

This seems like too much work (2nd option)
Which method is correct????

Any help is appreciated!

 

[VinceF]

I like following the 2nd option. Yes it does take a little more time to do, but my feeling is that it's worth the effort.

 

[pjcarmen]

I agree, you should always use groups to manage your permissions and then remove "Everyone". more work, but more secure in the long run, IMHO.

-P

======
Paul
Network Admin, CCNA

 

[cnull]

FYI: In w2k the Everyone group included the anonymous user. In 2003 that is not the case anymore. Either way I would use the second option. But if you need to share on 2003 to anonymous you need to read up on local security options.