NTFS/Share Permissions 2

Status
Not open for further replies.

Shibboleth

Technical User
Apr 25, 2003
I needed to restrict access on a directory where Everyone would have only read access except for in one folder that is in that directory where Everyone can have full access. Only 2 people were given full access on the parent directory. I did this with NTFS but now one of those 1 people can't write to folders below the directory.

If I set Share permissions on a folder will those permissions propagate to every directory/file below?

If I do that then change the permission on one directory below to allow Everyone Full will that work?

Should I leave NTFS out of it?

This problem came up when the user tried to synchronize offline files and access was denied.
 
I usually leave Share permissions to Full Control, then I work on NTFS to narrow the permissions.
You should work with NTFS.
It should work fine the way you propose, just check or uncheck as needed the box you will see at the bottom (working on the security tab) to propagate or not the settings. Then if you need something (add a user or group), you can do it manually.

A+, MCP, CCNA
marbinpr@hotmail.com

"I just know that I know nothing"
Socrates (469-399 B.C.E.)

 
This is the way I do it.

On the SHARE, set everyone = CHANGE

Then on the NTFS level, make the permissions the way you want, giving some people CHANGE and others READ.

If you put something like "Authenticated Users" or "Everyone" as CHANGE on the share, then users connecting to the share remotely will not be able to have higher permissions than CHANGE. I normally don't give users FULL CONTROL; this would mean that they can change permissions and TAKE OWNERSHIP and delete subdirectories (if they had full control on SHARE and NTFS).

I don't want to give my users this right. Therefore, CHANGE is a better permission. This allows them to write, delete, and read but not change permissions or take ownership.

So, CHANGE on the Share, then READ or CHANGE on the NTFS...


I also apply Domain Local Groups for security... Not individual users or Global Groups. (Note: You must be in NATIVE Mode for this...or be in mixed mode but on a DC.)

-hope this helps..

Joseph L. Poandl
MCSE 2000

If your company is in need of experts to examine technical problems/solutions, please check out
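
The rule described in the reply above (CHANGE on the share, finer control in NTFS), modelled as an added example that is not code from any poster in this thread. The access-mask values are the standard Windows ones for Read, Change/Modify and Full Control; the group name `DL_Docs_Full` and the ACLs are constructed, and only allow entries are modelled (no deny entries, no inheritance).

```python
# Added example: how share and NTFS permissions combine for one user.
READ = 0x1200A9    # share Read / NTFS Read & Execute
CHANGE = 0x1301BF  # share Change / NTFS Modify
FULL = 0x1F01FF    # Full Control on either layer

# A few individual rights inside those masks, for readable output.
RIGHTS = {
    0x000002: "write data / create files",
    0x000040: "delete subfolders and files",
    0x010000: "delete",
    0x040000: "change permissions",
    0x080000: "take ownership",
}

def granted(acl, groups):
    """OR together the allow entries matching any group the user is in."""
    mask = 0
    for trustee, rights in acl:
        if trustee in groups:
            mask |= rights
    return mask

def effective(share_acl, ntfs_acl, groups, remote=True):
    """Over the network a right must be granted by BOTH layers;
    at the console only the NTFS ACL is evaluated."""
    ntfs = granted(ntfs_acl, groups)
    return ntfs & granted(share_acl, groups) if remote else ntfs

def names(mask):
    return [name for bit, name in RIGHTS.items() if mask & bit]

# Constructed scenario: Everyone = CHANGE on the share, NTFS narrows it.
SHARE_ACL = [("Everyone", CHANGE)]
NTFS_ACL = [("Everyone", READ), ("DL_Docs_Full", FULL)]  # hypothetical group
OWNER = {"Everyone", "DL_Docs_Full"}
STAFF = {"Everyone"}

if __name__ == "__main__":
    for label, groups in (("owner", OWNER), ("staff", STAFF)):
        net = effective(SHARE_ACL, NTFS_ACL, groups)
        local = effective(SHARE_ACL, NTFS_ACL, groups, remote=False)
        print(f"{label}: network={net:#08x} local={local:#08x}")
        print("  withheld by the share:", names(local & ~net))
```
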
 
I've determined the problem is with the Share permissions. The NTFS permissions are working fine but apparently the share permissions aren't propagating to lower directories.

Here's the situation.

The root share allows full access to everyone.
rootshare\child1 allows full access as well.
The only other shares in those directories and below were put there to specifically allow only certain users to get in those directories. However, any folder that doesn't specifically have a share isn't accessible by the 2 users who should have full access.

What could be happening?
 