NTFS vs Shared Permissions

[Guest]

Archived from groups: microsoft.public.win2000.file_system (More info?)

I have a few questions about NTFS permissions and share that I hope
someone can help me with. I know that NTFS permissions are applied to
both remote and local users and that shared permissions are only
applied to remote users. When and why would you apply NTFS permissions
to a share or file?? With the shared vs NTFS permissions the most
restrictive permission will take effect but which should you lock down
the shared or the NTFS permissions?? Can you give an example?

With NTFS permissions on a file what is the difference with the
"read" and "read & execute" permissions? And what is the
difference between "modify" and "write" permissions? And the
"list folder content" and "transverse folders"?

With the share permission I was also reading that there is no
difference between the "modify" and "full control" is this
true??

What does the auditing tab do on the advanced tab and what is effective
permissions and how are they different from the permissions that are
assigned? I didn't see a difference and was confused by it???

 

[Guest]

Archived from groups: microsoft.public.win2000.file_system (More info?)

Dear, the NTFS Permissions and the shared permissions are complementary and must be enabled in order to work together in a secured network. First of all, in all the cases you must configure the NTFS permissions, this will guarantee you a secured access to the servers and at least configure it to the data folders of your servers. Secondly, they are no war between NTFS permissions and shared permissions, because the Windows OS applied first the shared permissions to the user who is trying to browse and traverse the folder, and after the Windows OS checks the NTFS permissions in order to let or not the user using the folder and files. So usually you must configure your share permissions with more permissive rights than NTFS permissions. So do not waste your time to configure the shared permissions and loose a lot of time with NTFS permissions, which are more important. definitions: "read": you can read the ressource it means that you can open it with an hex editor for example "read & execute": you can read it and also execute the file if it is an executable file "modifiy" you are able to read, write, execute and change the NTFS permissions "write" only you are just able to write the file of folder, for example if you want to copy a new file in the foler "list content": you can see the content of a folder "traverse" : you are able to enter into this folder The auditing tab lets you the power to control with the eventlog who is using the folders or files, this a trace and audit tool. The audit tab do not modify the behaviour of your NTFS permissions. for more details, i invite you to read the microsoft site: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_rights_and_access_masks.asp which gives you all "access_mask" details Regards Winsysbee Support http://www.winsysbee.com ">nntp://news.free.fr/microsoft.public.win2000.file_system/<1112843594.387609.65060@o13g2000cwo.googlegroups.com> I have a few questions about NTFS permissions and share that I hopesomeone can help me with. I know that NTFS permissions are applied toboth remote and local users and that shared permissions are onlyapplied to remote users. When and why would you apply NTFS permissionsto a share or file?? With the shared vs NTFS permissions the mostrestrictive permission will take effect but which should you lock downthe shared or the NTFS permissions?? Can you give an example?With NTFS permissions on a file what is the difference with the"read" and "read & execute" permissions? And what is thedifference between "modify" and "write" permissions? And the"list folder content" and "transverse folders"?With the share permission I was also reading that there is nodifference between the "modify" and "full control" is thistrue??What does the auditing tab do on the advanced tab and what is effectivepermissions and how are they different from the permissions that areassigned? I didn't see a difference and was confused by it???[">microsoft.public.win2000.file_system]