Re: Share and NTFS permissions
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sat, 23 Dec 2006 09:29:32 -0500
No security risk other than someone screwing up and not setting the NTFS permissions properly.
As for why they have both mechanisms, because if they didn't, you would have 100 people in here at least including myself asking why MSFT didn't give that flexibility. Maybe you have a situation where regardless of anything, no one should have more than READ when connecting through a specific share (say it is a share that houses archive data) but some admin screws up when adding a new folder to it and gives Change... The Share RO permissions would make that case so it wasn't an issue.
It really isn't all that confusing. I think when I first heard about it back in about 1995 or 1996 I spent all of about 15 seconds thinking about it and haven't had an issue since. Doesn't mean I haven't seen hundreds if not thousands of admins have issues with it. But that doesn't make me question the granularity capability in the system.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
vashi wrote:
I have read that the best way to allocate permissions for shared folders is - is to Share the folder . Give Share-Permissions as " Everyone Full Control" and give the specific Allow/Deny permissions in the NTFS tab..
Is there any insecurity in giving Share-permissions as Full control and only specifying the NTFS permissions accurately ?
If no insecurities , why is Windows giving us the facility to give permissions in 2 places and making it confusing?
- Prev by Date: Requesting Certificate from Subordinate CA
- Next by Date: Re: Share and NTFS permissions
- Previous by thread: Requesting Certificate from Subordinate CA
- Next by thread: Re: Share and NTFS permissions
- Index(es):
Relevant Pages
|
|
