General discussion


Share Permission And NTFS Permisssion

By m_farsadi2000 ·
My question is about combining Share Permission And NTFS Permisssion.
I have three folders In three level.General is level 1 and Manager is level 2 and Ali is level 3. (General-> Manager-> Ali)
I want to share only General folder. And user only read contents in this folder . I choose Read permission in Share Permission and Read & Execute in NTFS permission. And I tick the Propagate section in Advanced.I also want to users only read the contents of manager folder.
But I want to users can copy and delete contents of Ali folder then I choose full permission in NTFS Permission of Ali and I remove the tick of propagate in advanced section .
Now when I copy any file in Ali folder in shows Access Denied error.
But I want users can copy or delete in this folder.
Can any one help me.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

share & NTFS

by CG IT In reply to Share Permission And NTFS ...

most restrictive apply.

Child folders inherit parent's permissions unless you specify otherwise. If Ali is a child folder of the parent, Manager, users will have the most restrictive settings which is read.

your making permissions to complicated with folders within folders unless you must use folders within folders because an application requires it.

Collapse -

How we handle this.

by CharlieSpencer In reply to Share Permission And NTFS ...

We set Share permissions to 'Everyone - Full Control' and use the NTFS permissions to control access. As CG IT noted, the most restrictive permissions apply.

In your situation I'd set Share perms to 'Everyone - Full Control' on General. Set NTFS to 'Domain Users - Read' for General and Manager. Set NTFS to 'Domain Users - Change' on Ali and remove Propogate. Set NTFS for 'Domain Admins - Full Control' or 'M Farsadi - FC" on all directories; never give users FC since it allows them to change the NTFS permissions.

Collapse -

to add to Palmetto

by CG IT In reply to How we handle this.

we use global groups to determine NTFS security. It's far easier tracking who has what with groups than individual users. Also assigning individuals permission might give an individual more than what you want as share and NTFS are cumulative with most restrictive applying.

Related Discussions

Related Forums