Blue said:
Anyone advise when you would also use Share Permissions (on 2003
server) - previously this was set to Everyone - Full control and used
NTFS permission only
Share permissions are permissions to use a share. They say nothing about
permissions below the share. They also only apply to remote users, those
not actually at the machine.
NTFS permissions control the access of a user (remotely via a share or
locally) to directories and files on the hard disk.
A user may have Full Control share permissions to a share and have NTFS
read permissions to part of the file system under the share, no NTFS
permissions to another part of the file system under the share and full
control to yet a further part of the file system under the share.
It's like a ticket to a sports game. The ticket itself gets you entry to
the stadium (share permissions) and the seat number allows you to sit in
a particular seat or maybe a particular section of the ground. Unlike a
ticket to a sports game the share permissions and NTFS permissions are
seperate.
Most people set share permissions to Full Control (anyone can get into
the stadium if they have a ticket), and the NTFS permissions to control
access for the user as required to files and directories (you only have
access to a particular seat or area of the seating).
You would use share permissions to (crudely) prevent someone from
connecting to the share (serve them a notice not to enter the stadium).
You would use NTFS permissions to control what they do after entering
(barred from parts of the ground, allowed into others, etc).
Cheers,
Cliff
