Share permissions do not apply on a per file basis and ntfs permissions do. If all the documents in a folder have the same permissions then whether you use share or ntfs permissions doesn't matter. If on the other hand you have documents in a folder and each has unique permissions then you will have to use NTFS. i.e. If you want a user to have read access on one document and change on another in the same folder you will have to use NTFS.
Another difference is that share permissions do not apply to the local machine but NTFS permissions do. This is relevant when using terminal server as remote users log on to the server locally. You might want to look at the following Best Practice TechNet page: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt echnol/windowsserver2003/proddocs/standard/file_srv_bestpractice.asp I hope this helps, Marco -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 10:04 PM To: [EMAIL PROTECTED] Subject: RE: NTFS Permissions (was Share Permissions) This is interesting because our system (NT 4.0) has been set up exactly opposite this - ntfs permissions allow full control access to everyone and share permissions are used to allow/restrict access to the share. This seems to work pretty well, but are there hidden pitfalls? I inherited this system and questioned the apparent inconsistency, but was told that it was what MS recommends. My own research couldn't confirm/deny this and I hadn't seen any issues raised anywhere until now. Thanks in Advance, Sharon Joyner, CISSP IS Security Administrator Warner Publisher Services 9210 King Palm Drive Tampa, FL 33619 Tel: 813-664-8147 Fax: 813-664-8195 -----Original Message----- From: Benjamin Meade [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 3:10 AM To: 'Security-Basics' Subject: Share Permissions Hey all, Just wondering in Win2K server, when I share a folder, I set the share permissions to full access for everybody, and then control access using the file permissions. (Basically cos it cuts down on administration, and I'm lazy.) Are there any security issues running this way, or is it much of a muchness? Thanks, Benjamin Meade System Administrator LanWest Pty Ltd Ph: (08) 9440 3033 Fax: (08) 9440 3370 --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------