Share level permissions don't apply to domains?

According to the XP tech notes on this site, shared folders' permissions are read, change, and full control; However, while logged onto a domain, I viewed the Security tab of a shared folder on a network server and the permissions were NTFS (Read, Write, Read & Execute, etc.).

Aren't shares in a domain supposed to have share-level permissions like
Read, Change, and Full Control?

Find more posts tagged with

Comments

Jerz

w^rl0rd wrote:

Aren't shares in a domain supposed to have share-level permissions like
Read, Change, and Full Control?

To see the share permissions for that server you can go to START, right click MY COMPUTER, click MANAGE, right click COMPUTER MANAGEMENT (LOCAL), click SELECT ANOTHER COMPUTER, type in the name of the server or click browse, click OK, in the left pane: expand SYSTEM TOOLS, expand SHARED FOLDERS, click SHARES, right click a share and select PROPERTIES, click SHARE PERMISSIONS.

I'm not an MCSE... but I did stay at a Holiday Inn Express last night.

Jerz

w^rl0rd

Unfortunately, when I try to do that from my domain, I get "access is denied." I'm sure I don't have permissions to even view this. Anyway, why would I see NTFS permissions when I browse to a server and view its security tab?

Chivalry1

I'm not an MCSE... but I did stay at a Holiday Inn Express last night.

Jerz[/quote]

LMAO.

Jerz

w^rl0rd wrote:

Unfortunately, when I try to do that from my domain, I get "access is denied." I'm sure I don't have permissions to even view this. Anyway, why would I see NTFS permissions when I browse to a server and view its security tab?

Ahh... I figured you didn't have permission but what the heck give it a go anyway, right?

Here's a good read:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/86987829-3f74-412f-abb8-c8b22b07257d.mspx

Jerz

w^rl0rd

OK. Now, rather than create a new post, since my new question is on the same lines, I'll ask this:

Although, I have read the technotes, I have found nothing stating that in a domain environment, I should not bother w/ NTFS permissions.

Basically, I should only be concerned w/ NTFS permissons when I want to allow or deny access to groups on that local machine right?

I mean, if it is concerning a shared file or folder and people will be accessing it over the network, then all I care about is shared permissons right?

Sorry about all of the questions, but I need to get over this permissions hump.

hhisgett

File level permissions take precidence over share level permissions.

You HAVE to share the resource in order to allow users to access it from the network. You grant share level permissions at that point. AS you already mention, you only have full control, change and read at that level. Microsoft says that you can grant more specific permissions at the file level for those resources and this is where NTFS permissions come in.

NTFS permissions work both at the locally and remotely. So the permissions you apply at the file level for your resources will be used for network users and local users.

garv221

Set the share level to allow everyone access & change permissions on the security for AC.