Announcement

Collapse
No announcement yet.

Folder Security

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Folder Security

    I know this is a little mundane but I'm trying to secure all folders on my network. When I came into this job the folder structure security was not done correctly meaning the Share has permission for everyone and full control permission.

    From what I've been told, a share should have only the group or user that needs access to it? But then the security also needs to have the same user and groups also added?

    My thoughts.

    F:\share = Everyone (read, modify, access) No full control?
    F:\share\folder = Groups or users with the needed permission?

    Is this right?

  • #2
    Re: Folder Security

    Since security is a combination of share and ntfs, Microsoft Best Practice (or at least official training courses) is:
    SHARE -- open e.g. Everyone Full Control*
    NTFS -- closed using group level permissions

    *IMHO Share should be: Everyone Change, Administrators Full Control

    (Note default share permission is Everyone Read so you must explicitly open it up)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Folder Security

      Originally posted by Ossian View Post
      Since security is a combination of share and ntfs, Microsoft Best Practice (or at least official training courses) is:
      SHARE -- open e.g. Everyone Full Control*
      NTFS -- closed using group level permissions

      *IMHO Share should be: Everyone Change, Administrators Full Control

      (Note default share permission is Everyone Read so you must explicitly open it up)
      Thanks Ossian I agree with this also. I think I will do just that. Share=Everyone Change, Admin=full control and give user rights to the NTFS

      Comment


      • #4
        Re: Folder Security

        You always want to give "Everyone" full control at the share level, then handle security permissions through NTFS security. Much easier to manage that way, becuase you're not worrying about two separate ACLs and the conflicts that can occur. If they aren't on the security ACL, then them having full control share permissions won't mean a thing; they will not be able to access that folder.

        Comment

        Working...
        X