Announcement

Collapse
No announcement yet.

NTFS permissions, shares and W2K3 servers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NTFS permissions, shares and W2K3 servers

    Now i thought i knew a bit about the above, and under W2K i used to share a folder and control who has access with ntfs permissions on the folder itself. Since we have been installing W2K3 servers i've noticed some strange things happening. Firstly when sharing a folder it defaults to read only, no worries i can remember that one. next it gives read write permissions to the local users group which just happens to have the domain users group a member, so now all the domain users have access to the folder. I dont recall W2K being like this.

    Now for the killer, I create a test share, change permissions to full for everyone, lock down ntfs permissions on it to only domain admins, go to a pc and log on as a domain user and not only can i access the share (understandable as the permissions on the share are full for everyone) but i can create and delete files in the folder even though i dont have ntfs permissions!!

    Are share permissions now overiding ntfs ones? am i going mad?

    Can someone shed some light on this or has MS turned its permissions upside down

    Regards

  • #2
    Re: NTFS permissions, shares and W2K3 servers

    Originally posted by Richie View Post
    Firstly when sharing a folder it defaults to read only, no worries i can remember that one. next it gives read write permissions to the local users group which just happens to have the domain users group a member, so now all the domain users have access to the folder. I dont recall W2K being like this.
    The most restrictive permission applies. Domain users will have NTFS rights over the folder but since the share permission specified read only, then that is the only access they will have.

    Originally posted by Richie View Post
    Now for the killer, I create a test share, change permissions to full for everyone, lock down ntfs permissions on it to only domain admins, go to a pc and log on as a domain user and not only can i access the share (understandable as the permissions on the share are full for everyone) but i can create and delete files in the folder even though i dont have ntfs permissions!!
    Can you post two screen shots, one of your share permissions and one for your NTFS permissions.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: NTFS permissions, shares and W2K3 servers

      found out a few things, there was a group in the permissions called servername/users, and in this group was authenticated users which was giving the user inherited rights, This explains why the user was able to read/write.

      What i beleive i have to do now is when creating shares/permissions, to remove everything and then implicitly add who needs what.

      sorry to have bothered you all.

      Regards

      Comment


      • #4
        Re: NTFS permissions, shares and W2K3 servers

        Glad you got it sorted mate

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment

        Working...
        X