What is the recommended best practice around configuring NTFS and share permissions?
|
Home Show
Login Join Login Join
 utsec.net
This person is a verified professional. Verify your account to enable IT peers to
see that you are a professional. Last Updated: Jan 31, 2019 6 Minute Read
Rich Johnson
This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. utsec.netDraper, UT23 years in ITA+, CISSP, Network+
1015 Contributions 142 Best Answers 96 Helpful Posts 7 Projects Main Areas of Contribution:
Register. Track Progress. Earn Credits. Learning has never been so easy! Sign UpRead these next...
This section will be of interest to an administrator who is familiar with security settings on a FAT32 volume where permissions for a shared folder are the only permissions protecting files and subfolders in the shared folder. When using share permissions and NTFS permissions together, if there is a conflict in the configuration, the most restrictive permission prevails. For example, if a user has NTFS full access to a specific file in a folder that is not shared, the user cannot access the file from the network. In this case, the user can sit down at the computer that contains the file, log in and access the file, because sharing permissions do not affect local access. One strategy for providing access to resources on an NTFS volume is to share folders with the default shared folder permissions and then control access to shared folders by assigning NTFS permissions. When you share a folder on an NTFS volume, both shared folder permissions and NTFS permissions combine to secure file resources. Shared folder permissions provide limited security for resources. You gain the greatest flexibility by using NTFS permissions to control access to shared folders. Also, NTFS permissions apply whether the resource is accessed locally or over the network. When you use shared folder permissions on an NTFS volume, the following rules apply:
PlanningThe first step is planning how folders will be shared. To do this, make a list of what data will be stored and what user groups will require access. For example, types of data may be employee data, customer account status data, customer service data, management guideline data, and so on. Groups of users may be managers, administrators, sales reps, customer service reps, and so on. Create a table with three columns:
To share any folders or other network objects, you must have "File and Printer Sharing for Microsoft Networks" as a networking component in your local area connection. To add this component:
What is the recommended share permission and NTFS permission you should assign to a folder that you shared?Best Practices for Sharing and NTFS Permissions
We therefore recommend setting share permissions for admins to “Full Control” and to “Change” for regular domain users. Do not set any other share permissions.
What are the common permissions for NTFS and shared?If the share permissions are “Read”, NTFS permissions are “Full control”, when a user accesses the file on the share, they will be given “Read” permission. If the share permissions are “Full Control”, NTFS permissions are “Read”, when a user accesses the file on the share, they will still be given a “Read” permission.
What strategy can you use to combine and manage NTFS and share permissions?One strategy for providing access to resources on an NTFS volume is to share folders with the default shared folder permissions and then control access to shared folders by assigning NTFS permissions.
What are steps of NTFS permissions?NTFS permissions. Open Windows Explorer. ... . Expand My Computer.. Right-click %systemroot%, and then click Properties.. Click the Security tab, and then click Advanced.. Double-click Permission, and then select the appropriate setting from the Apply Onto list.. |
