File-level is optimal as most will say out there. Excerpt from article: File-level security usually provides more efficient protection than share-level security. The only real downside to file-level security is that it only works on an NTFS partition.
Read more at: http://www.microsoft.com/technet/prodtechnol/winntas/tips/techrep/permiss.as p -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:04 PM To: [EMAIL PROTECTED] Subject: RE: NTFS Permissions (was Share Permissions) This is interesting because our system (NT 4.0) has been set up exactly opposite this - ntfs permissions allow full control access to everyone and share permissions are used to allow/restrict access to the share. This seems to work pretty well, but are there hidden pitfalls? I inherited this system and questioned the apparent inconsistency, but was told that it was what MS recommends. My own research couldn't confirm/deny this and I hadn't seen any issues raised anywhere until now. Thanks in Advance, Sharon Joyner, CISSP IS Security Administrator Warner Publisher Services 9210 King Palm Drive Tampa, FL 33619 Tel: 813-664-8147 Fax: 813-664-8195 -----Original Message----- From: Benjamin Meade [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 3:10 AM To: 'Security-Basics' Subject: Share Permissions Hey all, Just wondering in Win2K server, when I share a folder, I set the share permissions to full access for everybody, and then control access using the file permissions. (Basically cos it cuts down on administration, and I'm lazy.) Are there any security issues running this way, or is it much of a muchness? Thanks, Benjamin Meade System Administrator LanWest Pty Ltd Ph: (08) 9440 3033 Fax: (08) 9440 3370 ------------------------------------------------------------------------ --- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ------------------------------------------------------------------------ ---- ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------