The effective permissions are the most restrictive intersection
of the two sets.

There are two serious problems with the approach you've described:

1. Share permissions only apply to access via the network. If
employees have "log on locally" permission and can physically get
to the box, then they'll have whatever the NTFS permissions allow.

2. The NTFS permission set is more finely granular, and so can be
tuned to more precisely match the permissions you actually need to
assign. The share-level permissions are somewhat coarser, and so may
force you to give too much permission in order to give enough.

David Gillett

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: June 24, 2003 13:04
> To: [EMAIL PROTECTED]
> Subject: RE: NTFS Permissions (was Share Permissions)
>
>
> This is interesting because our system (NT 4.0) has been set up exactly
> opposite this - ntfs permissions allow full control access to everyone
> and share permissions are used to allow/restrict access to the share.
> This seems to work pretty well, but are there hidden pitfalls?
>
> I inherited this system and questioned the apparent inconsistency, but
> was told that it was what MS recommends. My own research couldn't
> confirm/deny this and I hadn't seen any issues raised anywhere until
> now.
>
> Thanks in Advance,
>
> Sharon Joyner, CISSP
> IS Security Administrator
> Warner Publisher Services
> 9210 King Palm Drive
> Tampa, FL 33619
> Tel: 813-664-8147 Fax: 813-664-8195
>
>
>
> -----Original Message-----
> From: Benjamin Meade [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 09, 2003 3:10 AM
> To: 'Security-Basics'
> Subject: Share Permissions
>
>
>
> Hey all,
>
> Just wondering in Win2K server, when I share a folder, I set the share
> permissions to full access for everybody, and then control access using
> the file permissions. (Basically cos it cuts down on administration, and
> I'm lazy.) Are there any security issues running this way, or is it much
> of a muchness?
>
> Thanks,
>
> Benjamin Meade
> System Administrator
> LanWest Pty Ltd
> Ph: (08) 9440 3033
> Fax: (08) 9440 3370
>
>
>
> --------------------------------------------------------------
> ----------
> ---
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
> analysts! The Gartner Group just put Neoteris in the top of its Magic
> Quadrant, while InStat has confirmed Neoteris as the leader in
> marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access
> in about an hour, with no client, server changes, or ongoing
> maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------
> ----------
> ----
>
>
> -----------------------------------------------------------------------
>
> This message is the property of Time Inc. or its affiliates. It may be
> legally privileged and/or confidential and is intended only for the use
> of the addressee(s). No addressee should forward, print, copy, or
> otherwise reproduce this message in any manner that would allow it to be
> viewed by any individual not originally listed as a recipient. If the
> reader of this message is not the intended recipient, you are hereby
> notified that any unauthorized disclosure, dissemination, distribution,
> copying or the taking of any action in reliance on the information
> herein is strictly prohibited. If you have received this communication
> in error, please immediately notify the sender and delete this message.
> Thank you.
>
>
>
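
A read-only audit for the configuration discussed in this thread (NTFS open to a broad group, with the share ACL as the only restriction), given as an added example that is not part of any poster's message. It assumes a current Windows host with the SmbShare module (Windows 8 / Server 2012 or later), which postdates the NT 4.0 and Win2K systems in the thread, and an elevated prompt; the output column names are made up for this example.

```powershell
# Added example (not from the thread). Lists each file share with its share ACL
# and flags folders whose NTFS ACL allows a broad group Full Control.
# Assumes the SmbShare module and an elevated PowerShell prompt.

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$full      = [System.Security.AccessControl.FileSystemRights]::FullControl
$sidType   = [System.Security.Principal.SecurityIdentifier]

Get-SmbShare |
    Where-Object {
        # Skip administrative shares (C$, ADMIN$, IPC$) and anything that is not a folder.
        -not $_.Special -and $_.Path -and
        (Test-Path -LiteralPath $_.Path -PathType Container)
    } |
    ForEach-Object {
        $share = $_

        # NTFS side: explicit and inherited rules, identities returned as SIDs
        # so the check does not depend on localized account names.
        $ntfsBroadFull = (Get-Acl -LiteralPath $share.Path).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broadSids -contains $_.IdentityReference.Value -and
                ($_.FileSystemRights -band $full) -eq $full
            }

        # Share side: only Full / Change / Read per account, the coarser set.
        $shareAcl = Get-SmbShareAccess -Name $share.Name | ForEach-Object {
            '{0}:{1}:{2}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight
        }

        [pscustomobject]@{
            Share                = $share.Name
            Path                 = $share.Path
            ShareAcl             = $shareAcl -join '; '
            # True: the share ACL is the only restriction, and it does not apply
            # to a user who reaches the folder by logging on locally.
            NtfsOpenToBroadGroup = [bool]$ntfsBroadFull
        }
    } |
    Sort-Object NtfsOpenToBroadGroup -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with NtfsOpenToBroadGroup set to True are the folders where tightening the NTFS ACL first, then relaxing the share ACL if desired, closes the local-logon gap described above.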