Question on sharing/NTFS permissions

What is Microsoft's official stance on Sharing vs NTFS permissions? I ask because at work, we give everyone full control for sharing but limit our permissions using NTFS, so basically voiding out the sharing permissions. I am not sure if that is the best business practice but it does eliminate any conflicts between Sharing permissions and NTFS permissions.

I just need to know the Microsoft answer as to what they recomend so when I take the test I think from their POV and not mine... Thanks!

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

RobertKaucher

What you are doing in practice is perfectly fine, of course. But from a testing perspective you might need to consider "When should a group need to be excluded from even seeing that a share exists?" Or a similar idea. If you have any examples from test prep questions it might be easier to help you. But really these types of questions are pretty straight forward. They are just complex in that you will be given a scenario with 3 groups and Bill is in two groups and they make it seem like maybe you should use "deny" but Bill would be denied access so you can't do that.

They are not really going to try and trick you by creating share permissions that are too broad. But they will expect you to apply proper share permissions... So if only HR needs access to this share you won't grant Everyone FC at the share level. So from a testing perspective grant only the groups necessary the broadest SHARE permissions needed. Restrict those at a finer grained level using NTFS just like you do at work.

Unforg1ven

^ Pretty spot on. For testing purposes, try to practice the principal of "least privilege" for most scenarios. In fact, they will bait you in with choices that seem similar to the practical, real-world method.

Now does Microsoft tend to care about that.... not quite