|
reno
Sep 25, 2009, 9:58 PM
Post #1 of 4
(366 views)
Shortcut
Registered: Oct 30, 2001
Posts: 18283
|
Can someone explain to me why Windows would treat a file share permission differently if I used the full path (ie, C:\Program Files\Proprietary Software) instead of the name assigned when I set the sharing and security permissions (ie, naming that folder "SHARE 01")?
Make sense?
|
|
|
|
|
bill413
Sep 28, 2009, 12:59 PM
Post #2 of 4
(342 views)
Shortcut
Registered: Oct 19, 2004
Posts: 5674
|
reno wrote: Can someone explain to me why Windows would treat a file share permission differently if I used the full path (ie, C:\Program Files\Proprietary Software) instead of the name assigned when I set the sharing and security permissions (ie, naming that folder "SHARE 01")? Make sense?
My recollection of windoze shares is that when you create a share you are able to assign it certain permissions that pertain to it as a share, not as a directory accessed from the local machine. As I recall, the permissions available for the share are not as fine grained as those for local access, but in that I may be confusing it with FTP management of directories.
When you set up the share there should be a dialog to set the share permissions, I think they start out letting everyone have access to it.
EDIT: The "why" is that you may want to allow local users to put something there/modify contents, but not let the outside world do so, or not allow local users to access it, forcing all access to go through the share.
(This post was edited by bill413 on Sep 28, 2009, 1:00 PM)
|
|
|
|
|
wes_allen
Oct 1, 2009, 2:00 PM
Post #3 of 4
(316 views)
Shortcut
Registered: Mar 29, 2002
Posts: 549
|
reno wrote: Can someone explain to me why Windows would treat a file share permission differently if I used the full path (ie, C:\Program Files\Proprietary Software) instead of the name assigned when I set the sharing and security permissions (ie, naming that folder "SHARE 01")? Make sense?
Share permissions are not the same as file permissions, but file permissions should take precedence. When I set up a share, I set the share to domain users / full rights, that way any domain users can hit the share. Then I use file permissions to grant users rights. If you have a kinda complex share (several folders / nested folders - with different rights needs) you need to look into the "this folder only" permission.
|
|
|
|
|
unabonger
Oct 2, 2009, 7:51 PM
Post #4 of 4
(297 views)
Shortcut
Registered: Aug 8, 2003
Posts: 2689
|
Wes is close but share permissions only take precedence in certain configurations.
If you are working on the local machine with the share, but you use the share path (\\hostname\sharename) to access the folder, then the share permissions will be in effect.
If you are accessing the folder using the disk path (c:\folder1\folder2\shared folder) then the share permissions aren't considered--only the NTFS permissions are considered.
The properties screen for the folder has a tab for Sharing and one for Security. The Sharing tab is where share permissions are set, and the default is "Everyone, Read Only".
The properties tab called Security is where the NTFS permissions are set, and the default security setting depends on the type of user you are logged in as, but the owner generally has full permissions.
Final permissions when accessing it by the share name (\\hostname\sharename) are going to be the most restrictive combination of the Share and NTFS permissions. So if the Share is Read Only for Everyone, then even the owner won't be able to modify a file, even though the NTFS is set to allow full access.
Most Windows admins consider it a best practice to set the Share permissions to Everyone - Full Control, and then control access only using the more granular NTFS permissions.
(This post was edited by unabonger on Oct 2, 2009, 7:53 PM)
|
|
|
|
|
|
|
|
|
