NTFS permissions

[jarka]

Hi all,
Im currently studying for the 210.
When your assigning permissions for a share, are you supposed to remove the
EVERYONE permission and then add the user?

regards.

 

[Steven L Umbach]

That is considered best practice. There may be situations where legacy
applications require the everyone group, but that is not the norm - just
someting to keep in mind. The important thing is that the permissions be
correct with the least needed to get the job done principle being used. By
default the everyone group is given full control which usually is way too
much. Administrators generally should have full control and users read or
modify if they need to save files. Keep in mind that share permissions only
apply to network access and that they are used in conjunction with ntfs
permisions to control access to resources. Also I would not recommend
changing the permissions on any shares created by the operating system such
as the sysvol share on a domain controller unless there are explicit
instructions in a Knowledge Base article for such. --- Steve

 

[jarka]

Thanks for clarifying this for me!

That is considered best practice. There may be situations where legacy
applications require the everyone group, but that is not the norm - just
someting to keep in mind. The important thing is that the permissions be
correct with the least needed to get the job done principle being used. By
default the everyone group is given full control which usually is way too
much. Administrators generally should have full control and users read or
modify if they need to save files. Keep in mind that share permissions only
apply to network access and that they are used in conjunction with ntfs
permisions to control access to resources. Also I would not recommend
changing the permissions on any shares created by the operating system such
as the sysvol share on a domain controller unless there are explicit
instructions in a Knowledge Base article for such. --- Steve