Security Basics mailing list archives

Re: Windows Sharing File Permissions

From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Tue, 11 Dec 2007 23:37:30 +0300

Hello Al Cooper,

Understanding NTFS permissions and share permissions is critical to
securely sharing local resources with others on the network.

Share permissions are the permissions that are applicable to a folder
(and not file) when the folder is shared. Share Permission determines
the level of access other users across the network have on the shared
folder. Share permissions are very few and are limited to Full
Control, Change, and Read only.

However, on the other hand, NTFS permissions are applicable not only
for folder, but also for file. NTFS permission determines the level of
access all users not only across the network, but also locally, have
on the file or folder. NTFS permission offers much fine grained
control over Share permission. NTFS permission includes Full Control,
Modify, Read and Execute, List Folder Contents, Read, Write and
Special Permission.

Besides this, unlike Share permission, NTFS permission allows facility
to allow/disallow inheritance of permissions of parent folder to files
and folders within it. Also one interesting thing to know is that NTFS
permissions are associated with the object, so the permissions are
always connected with the object during a rename, move, or archive of
the object. The same is not the case with Share Permission.

The most restrictive permission applies when share and NTFS
permissions conflict.

The best practice is generally to provide Full Control to
Authenticated Users as Share permission and then provide
granular/restrictive permission to individuals or groups using NTFS
permission.

You can get more information about Share and NTFS permission over
internet. These are just few of them:

1. http://www.zdnetasia.com/insight/software/0,39044822,39048326,00.htm
2. http://www.cramsession.com/articles/files/share-versus-ntfs-permiss-9162003-1702.asp
3. http://www.windowsecurity.com/articles/Share-Permissions.html

-- 
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: www.niiconsulting.com



On Dec 11, 2007 7:05 PM, Al Cooper <cooper () hmcnetworks com> wrote:

Hi All,

In Windows, there are two places to set shared folder permissions in the
Folder Property Box, on the Security Tab and on the Sharing Tab under
permissions.  What is the difference between these two? Which one has
priority?  Why are there two?

I know this seems like a very basic question but I cannot find good
documentation on this.

Thanks for your help,


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Current thread:

Windows Sharing File Permissions Al Cooper (Dec 11)
- RE: Windows Sharing File Permissions wharfratjoe (Dec 12)
- Re: Windows Sharing File Permissions Nikhil Wagholikar (Dec 12)
  - Re: Windows Sharing File Permissions Raoul Armfield (Dec 18)
- RE: Windows Sharing File Permissions Nick Vaernhoej (Dec 12)
- RE: Windows Sharing File Permissions Jesse Eaton (Dec 12)
- Re: Windows Sharing File Permissions Micheal Espinola Jr (Dec 12)
- RE: Windows Sharing File Permissions Marc Ouwerkerk (Dec 12)
- RE: Windows Sharing File Permissions Bill Lavalette (Dec 12)
- Re: Windows Sharing File Permissions Jason Ross (Dec 12)
- RE: Windows Sharing File Permissions Ackley, Alex (Dec 12)
- RE: Windows Sharing File Permissions Scalcione.David (Dec 12)
- <Possible follow-ups>
- Re: Windows Sharing File Permissions jean . debogue (Dec 12)