Sign in with
Sign up | Sign in
Your question

NTFS vs Shared

Last response: in Windows 2000/NT
Share
Anonymous
April 7, 2005 12:11:37 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a few questions about NTFS permissions and share that I hope
someone can help me with. I know that NTFS permissions are applied to
both remote and local users and that shared permissions are only
applied to remote users. When and why would you apply NTFS permissions
to a share or file?? With the shared vs NTFS permissions the most
restrictive permission will take effect but which should you lock down
the shared or the NTFS permissions?? Can you give an example?

With NTFS permissions on a file what is the difference with the
"read" and "read & execute" permissions? And what is the
difference between "modify" and "write" permissions? And the
"list folder content" and "transverse folders"?

With the share permission I was also reading that there is no
difference between the "modify" and "full control" is this
true??

What does the auditing tab do on the advanced tab and what is effective
permissions and how are they different from the permissions that are
assigned? I didn't see a difference and was confused by it???

More about : ntfs shared

Anonymous
April 7, 2005 10:23:56 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

<matthewpascucci@yahoo.com> wrote in message
news:1112843497.002928.69810@o13g2000cwo.googlegroups.com...
> I have a few questions about NTFS permissions and share that I hope
> someone can help me with. I know that NTFS permissions are applied to
> both remote and local users and that shared permissions are only
> applied to remote users.

Well, that is because if you access an NTFS file (from
anywhere) you are required to have permissions -- your
location is irrelevant.

> When and why would you apply NTFS permissions
> to a share or file??

There are no NTFS permissions on shares, and NTFS
permissions on files are just that -- NTFS permissions.

Share permissions set a limit which can protect in case
the NTFS permissions are set incorrectly (layers of
defense.)

> With the shared vs NTFS permissions the most
> restrictive permission will take effect but which should you lock down
> the shared or the NTFS permissions??

Normally the NTFS permissions are the more critical
since they are more flexible. (More choices, more
granularity.)



> Can you give an example?

You can use NTFS to do odd things like "allow the creation
of files in a directory but NOT allow the creation of sub-
directories there."

> With NTFS permissions on a file what is the difference with the
> "read" and "read & execute" permissions?

Read allows a file to be read, and with execute it can be run if
it is a program -- just what it says.

> And what is the
> difference between "modify" and "write" permissions?

Mostly that modify includes Delete -- it is roughly equal to
change on the share.

> And the "list folder content" and "transverse folders"?

Do a directory listing command verses transfer to a subdirectory.



> With the share permission I was also reading that there is no
> difference between the "modify" and "full control" is this
> true??

No. Full control includes "security stuff"* and modify or change
does not.

"Security stuff" == take ownership, SET permissions, or SET auditing

> What does the auditing tab do on the advanced tab

It sets auditing (logging of access) instead of permissions (checking
with grant/deny of access.)

> and what is effective
> permissions and how are they different from the permissions that are
> assigned? I didn't see a difference and was confused by it???

This is beginning to sounds like your homework.

Effective permissions are what the user can actually DO
after all are calculated -- when a user

A particular permission may say one thing or another, but
the user may be in multiple groups which assist or conflict
(with deny's involved) -- and the user may be coming through
a share and ntfs giving different results than being local or
coming through a different share.

So the NTFS permissions might be effectively different than
is obvious.
Anonymous
April 7, 2005 11:53:45 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

On 6 Apr 2005 20:11:37 -0700, matthewpascucci@yahoo.com wrote:

>I have a few questions about NTFS permissions and share that I hope
>someone can help me with. I know that NTFS permissions are applied to
>both remote and local users and that shared permissions are only
>applied to remote users. When and why would you apply NTFS permissions
>to a share or file?? With the shared vs NTFS permissions the most
>restrictive permission will take effect but which should you lock down
>the shared or the NTFS permissions?? Can you give an example?
>
>With NTFS permissions on a file what is the difference with the
>"read" and "read & execute" permissions? And what is the
>difference between "modify" and "write" permissions? And the
>"list folder content" and "transverse folders"?
>
>With the share permission I was also reading that there is no
>difference between the "modify" and "full control" is this
>true??
>
>What does the auditing tab do on the advanced tab and what is effective
>permissions and how are they different from the permissions that are
>assigned? I didn't see a difference and was confused by it???

See http://support.microsoft.com?kbid=308419
for a good description of NTFS permissions.
Always set NTFS permissions for the access required and then set share permissions.

Auditing allows you to track the use of permissions by recording events in the Security event log.




Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Anonymous
April 8, 2005 2:13:42 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

the NTFS Permissions and the shared permissions are complementary and must
be enabled in order to work together in a secured network.
First of all, in all the cases you must configure the NTFS permissions, this
will guarantee you a secured access to the servers and at least configure it
to the data folders of your servers.

Secondly, they are no war between NTFS permissions and shared permissions,
because the Windows OS applied first the shared permissions to the user who
is trying to browse and traverse the folder, and after the Windows OS checks
the NTFS permissions in order to let or not the user using the folder and
files. So usually you must configure your share permissions with more
permissive rights than NTFS permissions.
So do not waste your time to configure the shared permissions and loose a
lot of time with NTFS permissions, which are more important.

definitions:
"read": you can read the ressource it means that you can open it with an hex
editor for example
"read & execute": you can read it and also execute the file if it is an
executable file
"modifiy" you are able to read, write, execute and change the NTFS
permissions
"write" only you are just able to write the file of folder, for example if
you want to copy a new file in the foler
"list content": you can see the content of a folder
"traverse" : you are able to enter into this folder

The auditing tab lets you the power to control with the eventlog who is
using the folders or files, this a trace and audit tool.
The audit tab do not modify the behaviour of your NTFS permissions.

for more details, i invite you to read the microsoft site:
http://msdn.microsoft.com/library/default.asp?url=/libr...
which gives you all "access_mask" details


WinSysBee Support
Sécurité et Expertise Informatique
http://www.winsysbee.com



<matthewpascucci@yahoo.com> wrote in message
news:1112843497.002928.69810@o13g2000cwo.googlegroups.com...
>I have a few questions about NTFS permissions and share that I hope
> someone can help me with. I know that NTFS permissions are applied to
> both remote and local users and that shared permissions are only
> applied to remote users. When and why would you apply NTFS permissions
> to a share or file?? With the shared vs NTFS permissions the most
> restrictive permission will take effect but which should you lock down
> the shared or the NTFS permissions?? Can you give an example?
>
> With NTFS permissions on a file what is the difference with the
> "read" and "read & execute" permissions? And what is the
> difference between "modify" and "write" permissions? And the
> "list folder content" and "transverse folders"?
>
> With the share permission I was also reading that there is no
> difference between the "modify" and "full control" is this
> true??
>
> What does the auditing tab do on the advanced tab and what is effective
> permissions and how are they different from the permissions that are
> assigned? I didn't see a difference and was confused by it???
>
!