Information Technology Reference
In-Depth Information
How NTFS Security and Shared Permissions Work Together
When you set up a shared folder, you need to set up shared permissions on that folder.
If you're using NTFS, you will also need to set up NTFS security on the folder. Since both
shared permissions and NTFS security are in effect when the user is remote, what happens
when the two conflict?
These are the two basic rules of thumb:
■
The local permission is the NTFS permission.
■
The remote permission is the more restrictive set of permissions between NTFS
and shared.
This is easy to do as long as you do it in steps. Let's look at Figure 4.7 and walk through
the process of figuring out what wpanek has for rights.
figuRe 4.7
NTFS security and shared permissions example
Shared permissions
Stellacon Documents
NTFS security
Marketing
R
Sales
R
R&D
R
Local = ?
Remote = ?
Marketing
RX
Sales
R
R&D
FC
wpanek
Marketing
Sales
R&D
As you can see, wpanek belongs to three groups (Marketing, Sales, and R&D), and
all three groups have settings for the
Stellacon Documents
folder. In the figure, you will
notice that there are two questions: Remote = ? and Local = ? That's what you need to
figure out—what are wpanek's effective permissions when he is sitting at the computer that
shares the folder, and what are his effective permissions when he connects to the folder
from another computer (remotely)? To figure this out, follow these steps:
1.
Add up the permissions on each side separately.
Remember, permissions and security are
additive
. You get the highest permission.
So, if you look at each side, the highest shared permission is the Read permission.
The NTFS security side should add up to equal Full Control. Thus, now you have
Read permission on shared and Full Control on NTFS.
2.
Determine the local permissions.
Shared permissions do not apply when you are local to the data. Only NTFS would
apply. Thus, the local permission would be Full Control.
Search WWH ::
Custom Search