Re: Shared permissions vs. security

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/20/05 

Date: Thu, 19 May 2005 21:25:07 -0500

System basically means operating system and you generally want to give
system full control as it would have by default. Not having the system with
full control possibly can break some things with backups being an example of
a possibility.

If you add "user" or a user account then that user will have full control
over that folder/file which means that the user can read, list, execute,
write, delete, and change permissions. Generally this is considered
excessive permissions for a user other than something like their home folder
or user profile folder. A basic security principle is that of least
privilege which means a user will only have the necessary rights and
permissions to do their job. Then they will be much less likely to
accidentally delete folders/files or install software that they should not -
maybe even a Trojan. The link below explains more on folder permissions.

http://support.microsoft.com/default.aspx?kbid=300691
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419 --- mostly
applies to Windows 2000 also

Your subject mentions "shared". If you mean network shares then keep in mind
that share permissions work together with folder/ntfs permissions. Share
permissions only apply when a use accesses a share via the network.
Folder/ntfs permissions apply to a local logon or network access. If share
permissions conflict with folder/ntfs permissions for a network user the
most restrictive permission will apply to the user. In other words if a user
has only read access to a share but full control to the folder/ntfs
permissions. That user will only have to read/list/execute access over the
network for the share contents. --- Steve

"Carl Gross" <CarlGross@discussions.microsoft.com> wrote in message
news:11866EDF-64D0-481C-A70B-89E483C48D01@microsoft.com...
>I have been trying to make our network more secure by setting each
> workstation hardrive shared between Domain Admins with Full Control
> rights.
>
> What is the difference between setting this permission and selecting the
> Security tab to have the same permissions except adding the SYSTEM and
> user
> at that workstation?
>
> We have W2K SP4 workstations on a SBS 2003 server.

Relevant Pages

  • Re: Need Help RE: NTFS
    ... I'm trying to create a share on our W2k3 network. ... so lets say I have this NTFS Folder structure: ... control what files get published and controls who can have access). ... who can place files in specific folders via NTFS permissions. ...
    (microsoft.public.windows.server.general)
  • Re: FileIOPermissions issue - howto fix?
    ... In the .NET CAS security manager, doesn't really matter what user permissions you ... have on that network share, the code-origin is queried first and it is LocalInternet ... > control and edit/save capabilities) disappears from the main form. ...
    (microsoft.public.dotnet.security)
  • Re: Sharing Folders
    ... everyone full control to a network share, ... give "domain users" full control on permissions and full ... permissions and read only on security. ...
    (microsoft.public.windows.server.sbs)
  • Re: Restrict Users from Installing programs
    ... > I use a windows 2000 Professional on a small network in a ... > installing any programs on theeir computers. ... Second user permissions to control WHERE the user can ...
    (microsoft.public.win2000.networking)
  • Re: XP User Profile Security Issue
    ... Check the folder/NTFS permissions on the folders in question ... control, possibly administrators with full control, and the user with full ... while allowing C drive access. ...
    (microsoft.public.windowsxp.security_admin)