File Servers
Lesson 5
Lesson 5
share permissions
By Sai Kurada
September 01, 2023
In Windows, Share Permissions are a set of permissions that control access to shared folders over a network. These permissions are separate from NTFS permissions, which apply to files and folders on the local system. It's important to note that when accessing files over the network, both Share Permissions and NTFS Permissions come into play, and the more restrictive of the two takes precedence.
Here are the basic Share Permissions:
Full Control:
Change:
Read:
Read/Write:
Custom:
No Access:
These permissions apply when someone accesses the shared folder over the network. Once they are in, NTFS permissions determine what they can do with the individual files and folders inside the shared directory.
Here are some important points to consider:
Configuring Permissions
To configure permissions for the share:
1. In Windows Explorer, right-click the folder you want to share, and then click Properties.
2. On the Sharing tab, click Advanced Sharing.
3. In User Account Control, click Continue to accept the prompt that Windows needs your permission to perform the action.
4. In the Advanced Sharing dialog box, check Share this folder.
5. Set the Share name and Comments as appropriate. To make the share hidden, add a $ to the end of the share name.
Note
Hiding a share means that when you connect to [\server](file://server/) you will not see the share unless you specifically enter the path [\server\share$](file://server/share$).
6. Click Permissions.
7. In the Permissions dialog box, remove the Everyone group, if it exists.
8. Add the appropriate user or group that should have access to the share.
9. Specify the permissions (Full Control, Change, Read) for the user or group.
10. Click OK twice and then click Close to close the dialog boxes.
It's important to carefully plan and configure both Share and NTFS Permissions to ensure that the right users have the appropriate level of access to shared resources while maintaining security.
Full Control:
- Allows: Viewing, creating, modifying, and deleting files and subfolders. Also allows changing permissions for the shared folder.
Change:
- Allows: Allowing users to do everything that the Read permission allows, plus change the contents of files in the shared folder.
- Denies: Changing permissions for the shared folder.
Read:
- Allows: Viewing and opening files, running programs, but not making changes.
- Denies: Creating, modifying, or deleting files in the shared folder.
Read/Write:
- Allows: Reading and writing files. Essentially, it combines the Read and Write permissions.
- Denies: Changing permissions for the shared folder.
Custom:
- Allows: Administrators to define specific combinations of permissions tailored to their needs.
No Access:
- Denies: All access to the shared folder.
These permissions apply when someone accesses the shared folder over the network. Once they are in, NTFS permissions determine what they can do with the individual files and folders inside the shared directory.
Here are some important points to consider:
- Combining Share and NTFS Permissions: When a user accesses a file over the network, both the Share Permissions and NTFS Permissions are checked. The most restrictive permission takes precedence.
- Inheritance: Share Permissions are generally not inherited by subfolders and files within the shared folder. However, NTFS permissions can be inherited.
- Access Levels: Share Permissions provide broader access levels compared to NTFS Permissions. For instance, if a user has Read Share Permission, they can read all files and folders in the shared directory regardless of the NTFS permissions on individual files.
- Best Practices: It's often recommended to set Share Permissions to Full Control for Everyone at the share level and manage access control with NTFS Permissions. This provides flexibility and granularity in controlling access.
- Deny Overrides Allow: If a user has been denied access at either the Share or NTFS level, that denial will override any allowed permissions they might have.
Configuring Permissions
To configure permissions for the share:
1. In Windows Explorer, right-click the folder you want to share, and then click Properties.
2. On the Sharing tab, click Advanced Sharing.
3. In User Account Control, click Continue to accept the prompt that Windows needs your permission to perform the action.
4. In the Advanced Sharing dialog box, check Share this folder.
5. Set the Share name and Comments as appropriate. To make the share hidden, add a $ to the end of the share name.
Note
Hiding a share means that when you connect to [\server](file://server/) you will not see the share unless you specifically enter the path [\server\share$](file://server/share$).
6. Click Permissions.
7. In the Permissions dialog box, remove the Everyone group, if it exists.
8. Add the appropriate user or group that should have access to the share.
9. Specify the permissions (Full Control, Change, Read) for the user or group.
10. Click OK twice and then click Close to close the dialog boxes.
It's important to carefully plan and configure both Share and NTFS Permissions to ensure that the right users have the appropriate level of access to shared resources while maintaining security.