Please help: file and folder permissions question

mephymephy Member Posts: 5 ■□□□□□□□□□
Hello all, I was wondering if any of you would be so kind as to help me with this scenario:

This case project involves configuring share and NTFS permissions. Dover Leasing is in the process of reviewing their current structure and practices. There has been talk of minor security breaches occurring in which users are able to gain access to information they should not be permitted to view. Management would like you to make some recommendations as to how permissions can be changed on specific folders.

a.) Two network servers maintain confidential information pertaining to financial data and employee data. Users access the folders both locally and on the network. Only members of the Managers group, Human Resources Group, and Accountants group should have access to these folders. Explain how permissions can be implemented, including a short description of how share permissions and NTFS permissions work together.

b.) Dover Leasing has recently hired a new server administrator to assist you. He has worked with Windows NT 4.0 in the past and is unfamiliar with Windows Server 2003. Prepare a brief explanation for the new administrator about how to configure Share and NTFS permissions.

I'm still trying to grasp the whole concept on file and folder permissions. Any help on this would be greatly appreciated! And I will be forever in your debt.. :)


  • sratakhinsratakhin Member Posts: 818
    Basically, you setup share permissions in such a way that anybody can read and modify files on the shares. Then, you implement NTFS permissions using more granular controls. This is done for simplicity and protects confidential files from accessing both locally and over the network.

    The most restrictive set of permissions always wins. You could, of course, restrict access to files using just share permissions, but it won't prevent local users from accessing the files they don't need.
  • mephymephy Member Posts: 5 ■□□□□□□□□□
    Thanks sratakhin. So I'm guessing the specific NTFS Permission I would set would be the Deny Permission (on the confidential folders) for anybody who didn't belong to the Managers group, Human Resources Group, or Accountants group correct? That way only those groups would have access to the confidential files and folders.

  • sratakhinsratakhin Member Posts: 818
    No, you should use the deny permissions very sparingly. If you don't explicitly allow somebody access to a particular resource, they will be denied from accessing it.
  • mephymephy Member Posts: 5 ■□□□□□□□□□
    Ok thanks, that makes sense. So if you don't mind me asking, what specific NTFS permissions would you set in this case?
  • sratakhinsratakhin Member Posts: 818
    I would set the share permissions to allow full access to authenticated users and then use the NTFS permissions to only allow read and modify access to the selected groups.
  • mephymephy Member Posts: 5 ■□□□□□□□□□
    Awesome, thanks a million! Anything I can do in return for helping me out?
  • sratakhinsratakhin Member Posts: 818
    You can give me a rep if you wish :)
    Feel free to ask questions. I'm taking this exam tomorrow morning and glad to help.
  • mephymephy Member Posts: 5 ■□□□□□□□□□
    Sweet, thanks again :). But it won't let me give you a rep, odd..
    Good luck on your exam!
Sign In or Register to comment.