Re: Win2k8 in a workgroup - share permissions
- From: "Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m>
- Date: Tue, 14 Apr 2009 07:25:14 -0700
"Anteaus" <Anteaus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:E25DA4EA-8240-44ED-8518-CAB8B5A49E2F@xxxxxxxxxxxxxxxx
The problem lies in NTFS permissions. If possible set permissions on the
filesystem to Everyone>Full and use share permissions to control access.
BTW, I've seen far too many small systems (in one office, three users and a
server!) setup as a domain, and basically the problems this creates far, far
outweigh any advantages. Key issue with domains is the inability to
subsequently change anything (domain name, server name, computer name, user
account) without this causing a spate of domino-effect problems. These kinds
of problems maybe don't create such an issue for the corporate site with
highly-qualified onsite IT, but for small businesses running the likes of SBS
they are a total headbanger. Even a trivial issue like a user marrying can
lead to an IT firm having to be called-in to change the username without, in
the process, losing all of the user's settings, files and email.
As with so many systems touted to streamline or integrate administration,
these shortcomings are not apparent until you've tried to use the thing for a
while in a production environment,
Your experience is very different from mine. It is much harder to change a user name (or even a password) in a workgroup instead of a domain. In the domain one change and it's done. In a workgroup you have to know all of the computers that have shared resources the user accesses and change the account on every one of them. I have many businesses with small networks that I manage/oversee for them. On none of them would they call me to change a user account. I have delegated that authority (with the built in wizard) and showed them (about five minutes) how to do this. As a backup they have a half page written procedure they can look at. I have however been called in many times to businesses with a workgroup based network when all of a sudden a user can't access a printer or share they used to use just fine. The only problematic things to change are the domain name and the domain controller name. That's easily mitigated by using generic names from the start. It does take a bit of work at the start to set up an Active Directory based network. Once it's setup properly it's much easier to manage than a work group. The only time I ever use workgroups is if there is no Windows server in the network. Once there is a Windows server AD is a no brainer.
As for setting NTFS security so that anybody has access and using share permissions to control access, that has so many bad security implications it's laughable. I guess you've never heard of a disgruntled employee looking up payroll data, stealing company information, etc. If a user logs on locally you have no control over what they can access on the computer if you use your security model. Even in a workgroup this is a very poor security practice.
--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
.
- References:
- Win2k8 in a workgroup - share permissions
- From: msnews.microsoft.com
- RE: Win2k8 in a workgroup - share permissions
- From: Anteaus
- Win2k8 in a workgroup - share permissions
- Prev by Date: Re: security audit
- Next by Date: password crack for service account
- Previous by thread: RE: Win2k8 in a workgroup - share permissions
- Next by thread: Re: Win2k8 in a workgroup - share permissions
- Index(es):
Relevant Pages
|
