Jump to content

RE: Share permissions question

Guest Lisa

By Guest Lisa
in Windows 2003 Server

 Share

Recommended Posts

Guest Lisa

Guest Lisa

Posted
Posted

RE: Share permissions question

 

Hi David, I have read every post you and David have posted re permissions

i.e. parent and child inherient etc. I am not a newbie to the computer world

but definitely not a Tech either:). My question is, my ex boyfriend (who

works in the IT World) set up my computer. When I click properties--->

security---> I have the usually Admin, My name etc, but there is a list so

long, e.g. anonmyous user, remote access user, backup operator, etc. All

these have full rights, meaning all the boxes are ticked. Could you please

advise me if I have anything to worry about.

Kind regards

Lisa:)

 

"David Davis" wrote:

> Are your sharing permissions set to everyone, full control?

> --

> David Davis [MCSE, CCNA, Security +]

>

>

>

> "BrianB" wrote:

>

> > Hello,

> >

> > With the Advanced Security Settings Permissions (Traverse folder, List

> > folder, Read attributes, Read extended attributes, and Read permissions -

> > This folder only) why can't users map to a folder?

> > All inheritable permissions and Replace permission entries are not checked.

> >

> > Users need to map to this folder then choose a sub-folder from a list.

> > Users have Share permissions to use only some of the sub-folders and should

> > not be able to browse or use the sub-folders they do not have other Share

> > permissions to use.

> > Users can map a drive to the sub-folders they have permissions to but we

> > want to map a drive to the main folder so we don't end up mapping multiple

> > drives per user.

> >

> > Thanks

> > BrianB

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest David Davis

Guest David Davis

Posted
Posted

RE: Share permissions question

 

RE: Share permissions question

 

Interesting:

 

Just using the users that you listed below I would say:

 

anonmyous user - Never give this account full control unless the folder in

question is part of a website that you wish to allow anonmyous access, even

then IUSR should be given rights not anonmyous.

 

remote access user - Unless you are remoting in, you should not need this.

 

backup operator - If your machine is a member of a domain and you have

someone soley responsible for backups then this account really does not

belong either.

 

etc. Depends, definately should not have all.

 

Bottom line if you are the only user on the computer i.e. standaolone

machine not part of a domain, then the only permissions you need on your data

is the group Administrators, and your user account. Note that I specified

DATA, there are application folders that require special permissions such as

SYSTEM etc.

 

My general rule of thumb is that no one get full control with the exception

of owner and the local / domain admin account.

> these have full rights, meaning all the boxes are ticked

--

David Davis [MCSE, CCNA, Security +]

 

 

 

"Lisa" wrote:

> Hi David, I have read every post you and David have posted re permissions

> i.e. parent and child inherient etc. I am not a newbie to the computer world

> but definitely not a Tech either:). My question is, my ex boyfriend (who

> works in the IT World) set up my computer. When I click properties--->

> security---> I have the usually Admin, My name etc, but there is a list so

> long, e.g. anonmyous user, remote access user, backup operator, etc. All

> these have full rights, meaning all the boxes are ticked. Could you please

> advise me if I have anything to worry about.

> Kind regards

> Lisa:)

>

> "David Davis" wrote:

>

> > Are your sharing permissions set to everyone, full control?

> > --

> > David Davis [MCSE, CCNA, Security +]

> >

> >

> >

> > "BrianB" wrote:

> >

> > > Hello,

> > >

> > > With the Advanced Security Settings Permissions (Traverse folder, List

> > > folder, Read attributes, Read extended attributes, and Read permissions -

> > > This folder only) why can't users map to a folder?

> > > All inheritable permissions and Replace permission entries are not checked.

> > >

> > > Users need to map to this folder then choose a sub-folder from a list.

> > > Users have Share permissions to use only some of the sub-folders and should

> > > not be able to browse or use the sub-folders they do not have other Share

> > > permissions to use.

> > > Users can map a drive to the sub-folders they have permissions to but we

> > > want to map a drive to the main folder so we don't end up mapping multiple

> > > drives per user.

> > >

> > > Thanks

> > > BrianB

Guest Lisa

Guest Lisa

Posted
Posted

RE: Share permissions question

 

RE: Share permissions question

 

Thanks for your prompt reply and valuable info David. Hmm, now I am a little

worried.

Ex boyfriend b/c he set up computer obv knows my admin rights number. Im

note sure if this is relevant, whether he can login and check my computer at

anytime.

 

Pls see below an example maybe this will help:

 

C:\Documents and Settings\All Users\Application Data\Microsoft

Properties\Security. Group or user names as follows:

Administrators (with my name and admin numbers)

Everyone

Power Users (my name & admin number)

System

Users (my name & admin number)

All these have every box ticked to 'allow'

Go to advanced ---> Effective Permissions---> Select--->Advanced-->Find

now---> there is about 20 heading here e.g.the ones I have mentioned above

plus remote interactive login, replicator,remote desktop user, network conf

operator, some guests are marked (with a cross, obv non existent) two other

guest headings (without a cross, meaning they are active?),anonymous logon.

All these have the number of my admin rights next to them. I cannot delete

any of them, because they are inherient from the parent to the child. Im not

very familiar with this parent and child aspect.

 

This is typical of most of the files on my computer.

 

Appreciate your input. Thanks David

Cheers Lisa:)

 

 

"David Davis" wrote:

> Interesting:

>

> Just using the users that you listed below I would say:

>

> anonmyous user - Never give this account full control unless the folder in

> question is part of a website that you wish to allow anonmyous access, even

> then IUSR should be given rights not anonmyous.

>

> remote access user - Unless you are remoting in, you should not need this.

>

> backup operator - If your machine is a member of a domain and you have

> someone soley responsible for backups then this account really does not

> belong either.

>

> etc. Depends, definately should not have all.

>

> Bottom line if you are the only user on the computer i.e. standaolone

> machine not part of a domain, then the only permissions you need on your data

> is the group Administrators, and your user account. Note that I specified

> DATA, there are application folders that require special permissions such as

> SYSTEM etc.

>

> My general rule of thumb is that no one get full control with the exception

> of owner and the local / domain admin account.

>

> > these have full rights, meaning all the boxes are ticked

> --

> David Davis [MCSE, CCNA, Security +]

>

>

>

> "Lisa" wrote:

>

> > Hi David, I have read every post you and David have posted re permissions

> > i.e. parent and child inherient etc. I am not a newbie to the computer world

> > but definitely not a Tech either:). My question is, my ex boyfriend (who

> > works in the IT World) set up my computer. When I click properties--->

> > security---> I have the usually Admin, My name etc, but there is a list so

> > long, e.g. anonmyous user, remote access user, backup operator, etc. All

> > these have full rights, meaning all the boxes are ticked. Could you please

> > advise me if I have anything to worry about.

> > Kind regards

> > Lisa:)

> >

> > "David Davis" wrote:

> >

> > > Are your sharing permissions set to everyone, full control?

> > > --

> > > David Davis [MCSE, CCNA, Security +]

> > >

> > >

> > >

> > > "BrianB" wrote:

> > >

> > > > Hello,

> > > >

> > > > With the Advanced Security Settings Permissions (Traverse folder, List

> > > > folder, Read attributes, Read extended attributes, and Read permissions -

> > > > This folder only) why can't users map to a folder?

> > > > All inheritable permissions and Replace permission entries are not checked.

> > > >

> > > > Users need to map to this folder then choose a sub-folder from a list.

> > > > Users have Share permissions to use only some of the sub-folders and should

> > > > not be able to browse or use the sub-folders they do not have other Share

> > > > permissions to use.

> > > > Users can map a drive to the sub-folders they have permissions to but we

> > > > want to map a drive to the main folder so we don't end up mapping multiple

> > > > drives per user.

> > > >

> > > > Thanks

> > > > BrianB

Guest David Davis

Guest David Davis

Posted
Posted

RE: Share permissions question

 

RE: Share permissions question

 

If you are concerned that he may have access and he is a IT professional,

then the only way you can be sure that he will not access is either A: stay

offline or B: backup your data and perform a complete format and re-install.

 

I would go with option B.

 

Off of the top of my head I do not know what the appropriate security

settings should be. However under no circumstances shoulf everyone be given

full control.

--

David Davis [MCSE, CCNA, Security +]

 

 

 

"Lisa" wrote:

> Thanks for your prompt reply and valuable info David. Hmm, now I am a little

> worried.

> Ex boyfriend b/c he set up computer obv knows my admin rights number. Im

> note sure if this is relevant, whether he can login and check my computer at

> anytime.

>

> Pls see below an example maybe this will help:

>

> C:\Documents and Settings\All Users\Application Data\Microsoft

> Properties\Security. Group or user names as follows:

> Administrators (with my name and admin numbers)

> Everyone

> Power Users (my name & admin number)

> System

> Users (my name & admin number)

> All these have every box ticked to 'allow'

> Go to advanced ---> Effective Permissions---> Select--->Advanced-->Find

> now---> there is about 20 heading here e.g.the ones I have mentioned above

> plus remote interactive login, replicator,remote desktop user, network conf

> operator, some guests are marked (with a cross, obv non existent) two other

> guest headings (without a cross, meaning they are active?),anonymous logon.

> All these have the number of my admin rights next to them. I cannot delete

> any of them, because they are inherient from the parent to the child. Im not

> very familiar with this parent and child aspect.

>

> This is typical of most of the files on my computer.

>

> Appreciate your input. Thanks David

> Cheers Lisa:)

>

>

> "David Davis" wrote:

>

> > Interesting:

> >

> > Just using the users that you listed below I would say:

> >

> > anonmyous user - Never give this account full control unless the folder in

> > question is part of a website that you wish to allow anonmyous access, even

> > then IUSR should be given rights not anonmyous.

> >

> > remote access user - Unless you are remoting in, you should not need this.

> >

> > backup operator - If your machine is a member of a domain and you have

> > someone soley responsible for backups then this account really does not

> > belong either.

> >

> > etc. Depends, definately should not have all.

> >

> > Bottom line if you are the only user on the computer i.e. standaolone

> > machine not part of a domain, then the only permissions you need on your data

> > is the group Administrators, and your user account. Note that I specified

> > DATA, there are application folders that require special permissions such as

> > SYSTEM etc.

> >

> > My general rule of thumb is that no one get full control with the exception

> > of owner and the local / domain admin account.

> >

> > > these have full rights, meaning all the boxes are ticked

> > --

> > David Davis [MCSE, CCNA, Security +]

> >

> >

> >

> > "Lisa" wrote:

> >

> > > Hi David, I have read every post you and David have posted re permissions

> > > i.e. parent and child inherient etc. I am not a newbie to the computer world

> > > but definitely not a Tech either:). My question is, my ex boyfriend (who

> > > works in the IT World) set up my computer. When I click properties--->

> > > security---> I have the usually Admin, My name etc, but there is a list so

> > > long, e.g. anonmyous user, remote access user, backup operator, etc. All

> > > these have full rights, meaning all the boxes are ticked. Could you please

> > > advise me if I have anything to worry about.

> > > Kind regards

> > > Lisa:)

> > >

> > > "David Davis" wrote:

> > >

> > > > Are your sharing permissions set to everyone, full control?

> > > > --

> > > > David Davis [MCSE, CCNA, Security +]

> > > >

> > > >

> > > >

> > > > "BrianB" wrote:

> > > >

> > > > > Hello,

> > > > >

> > > > > With the Advanced Security Settings Permissions (Traverse folder, List

> > > > > folder, Read attributes, Read extended attributes, and Read permissions -

> > > > > This folder only) why can't users map to a folder?

> > > > > All inheritable permissions and Replace permission entries are not checked.

> > > > >

> > > > > Users need to map to this folder then choose a sub-folder from a list.

> > > > > Users have Share permissions to use only some of the sub-folders and should

> > > > > not be able to browse or use the sub-folders they do not have other Share

> > > > > permissions to use.

> > > > > Users can map a drive to the sub-folders they have permissions to but we

> > > > > want to map a drive to the main folder so we don't end up mapping multiple

> > > > > drives per user.

> > > > >

> > > > > Thanks

> > > > > BrianB

Guest Lisa

Guest Lisa

Posted
Posted

RE: Share permissions question

 

RE: Share permissions question

 

Thankyou again David for your info. I thought my only option would be to

reformat. Will do so as soon as I have backed up. Sincerely appreciate your

input. Have a great day

From a lady downunder:)

 

"David Davis" wrote:

> If you are concerned that he may have access and he is a IT professional,

> then the only way you can be sure that he will not access is either A: stay

> offline or B: backup your data and perform a complete format and re-install.

>

> I would go with option B.

>

> Off of the top of my head I do not know what the appropriate security

> settings should be. However under no circumstances shoulf everyone be given

> full control.

> --

> David Davis [MCSE, CCNA, Security +]

>

>

>

> "Lisa" wrote:

>

> > Thanks for your prompt reply and valuable info David. Hmm, now I am a little

> > worried.

> > Ex boyfriend b/c he set up computer obv knows my admin rights number. Im

> > note sure if this is relevant, whether he can login and check my computer at

> > anytime.

> >

> > Pls see below an example maybe this will help:

> >

> > C:\Documents and Settings\All Users\Application Data\Microsoft

> > Properties\Security. Group or user names as follows:

> > Administrators (with my name and admin numbers)

> > Everyone

> > Power Users (my name & admin number)

> > System

> > Users (my name & admin number)

> > All these have every box ticked to 'allow'

> > Go to advanced ---> Effective Permissions---> Select--->Advanced-->Find

> > now---> there is about 20 heading here e.g.the ones I have mentioned above

> > plus remote interactive login, replicator,remote desktop user, network conf

> > operator, some guests are marked (with a cross, obv non existent) two other

> > guest headings (without a cross, meaning they are active?),anonymous logon.

> > All these have the number of my admin rights next to them. I cannot delete

> > any of them, because they are inherient from the parent to the child. Im not

> > very familiar with this parent and child aspect.

> >

> > This is typical of most of the files on my computer.

> >

> > Appreciate your input. Thanks David

> > Cheers Lisa:)

> >

> >

> > "David Davis" wrote:

> >

> > > Interesting:

> > >

> > > Just using the users that you listed below I would say:

> > >

> > > anonmyous user - Never give this account full control unless the folder in

> > > question is part of a website that you wish to allow anonmyous access, even

> > > then IUSR should be given rights not anonmyous.

> > >

> > > remote access user - Unless you are remoting in, you should not need this.

> > >

> > > backup operator - If your machine is a member of a domain and you have

> > > someone soley responsible for backups then this account really does not

> > > belong either.

> > >

> > > etc. Depends, definately should not have all.

> > >

> > > Bottom line if you are the only user on the computer i.e. standaolone

> > > machine not part of a domain, then the only permissions you need on your data

> > > is the group Administrators, and your user account. Note that I specified

> > > DATA, there are application folders that require special permissions such as

> > > SYSTEM etc.

> > >

> > > My general rule of thumb is that no one get full control with the exception

> > > of owner and the local / domain admin account.

> > >

> > > > these have full rights, meaning all the boxes are ticked

> > > --

> > > David Davis [MCSE, CCNA, Security +]

> > >

> > >

> > >

> > > "Lisa" wrote:

> > >

> > > > Hi David, I have read every post you and David have posted re permissions

> > > > i.e. parent and child inherient etc. I am not a newbie to the computer world

> > > > but definitely not a Tech either:). My question is, my ex boyfriend (who

> > > > works in the IT World) set up my computer. When I click properties--->

> > > > security---> I have the usually Admin, My name etc, but there is a list so

> > > > long, e.g. anonmyous user, remote access user, backup operator, etc. All

> > > > these have full rights, meaning all the boxes are ticked. Could you please

> > > > advise me if I have anything to worry about.

> > > > Kind regards

> > > > Lisa:)

> > > >

> > > > "David Davis" wrote:

> > > >

> > > > > Are your sharing permissions set to everyone, full control?

> > > > > --

> > > > > David Davis [MCSE, CCNA, Security +]

> > > > >

> > > > >

> > > > >

> > > > > "BrianB" wrote:

> > > > >

> > > > > > Hello,

> > > > > >

> > > > > > With the Advanced Security Settings Permissions (Traverse folder, List

> > > > > > folder, Read attributes, Read extended attributes, and Read permissions -

> > > > > > This folder only) why can't users map to a folder?

> > > > > > All inheritable permissions and Replace permission entries are not checked.

> > > > > >

> > > > > > Users need to map to this folder then choose a sub-folder from a list.

> > > > > > Users have Share permissions to use only some of the sub-folders and should

> > > > > > not be able to browse or use the sub-folders they do not have other Share

> > > > > > permissions to use.

> > > > > > Users can map a drive to the sub-folders they have permissions to but we

> > > > > > want to map a drive to the main folder so we don't end up mapping multiple

> > > > > > drives per user.

> > > > > >

> > > > > > Thanks

> > > > > > BrianB

Guest David Davis

Guest David Davis

Posted
Posted

RE: Share permissions question

 

RE: Share permissions question

 

No problem.

--

David Davis [MCSE, CCNA, Security +]

 

 

 

"Lisa" wrote:

> Thankyou again David for your info. I thought my only option would be to

> reformat. Will do so as soon as I have backed up. Sincerely appreciate your

> input. Have a great day

> From a lady downunder:)

>

> "David Davis" wrote:

>

> > If you are concerned that he may have access and he is a IT professional,

> > then the only way you can be sure that he will not access is either A: stay

> > offline or B: backup your data and perform a complete format and re-install.

> >

> > I would go with option B.

> >

> > Off of the top of my head I do not know what the appropriate security

> > settings should be. However under no circumstances shoulf everyone be given

> > full control.

> > --

> > David Davis [MCSE, CCNA, Security +]

> >

> >

> >

> > "Lisa" wrote:

> >

> > > Thanks for your prompt reply and valuable info David. Hmm, now I am a little

> > > worried.

> > > Ex boyfriend b/c he set up computer obv knows my admin rights number. Im

> > > note sure if this is relevant, whether he can login and check my computer at

> > > anytime.

> > >

> > > Pls see below an example maybe this will help:

> > >

> > > C:\Documents and Settings\All Users\Application Data\Microsoft

> > > Properties\Security. Group or user names as follows:

> > > Administrators (with my name and admin numbers)

> > > Everyone

> > > Power Users (my name & admin number)

> > > System

> > > Users (my name & admin number)

> > > All these have every box ticked to 'allow'

> > > Go to advanced ---> Effective Permissions---> Select--->Advanced-->Find

> > > now---> there is about 20 heading here e.g.the ones I have mentioned above

> > > plus remote interactive login, replicator,remote desktop user, network conf

> > > operator, some guests are marked (with a cross, obv non existent) two other

> > > guest headings (without a cross, meaning they are active?),anonymous logon.

> > > All these have the number of my admin rights next to them. I cannot delete

> > > any of them, because they are inherient from the parent to the child. Im not

> > > very familiar with this parent and child aspect.

> > >

> > > This is typical of most of the files on my computer.

> > >

> > > Appreciate your input. Thanks David

> > > Cheers Lisa:)

> > >

> > >

> > > "David Davis" wrote:

> > >

> > > > Interesting:

> > > >

> > > > Just using the users that you listed below I would say:

> > > >

> > > > anonmyous user - Never give this account full control unless the folder in

> > > > question is part of a website that you wish to allow anonmyous access, even

> > > > then IUSR should be given rights not anonmyous.

> > > >

> > > > remote access user - Unless you are remoting in, you should not need this.

> > > >

> > > > backup operator - If your machine is a member of a domain and you have

> > > > someone soley responsible for backups then this account really does not

> > > > belong either.

> > > >

> > > > etc. Depends, definately should not have all.

> > > >

> > > > Bottom line if you are the only user on the computer i.e. standaolone

> > > > machine not part of a domain, then the only permissions you need on your data

> > > > is the group Administrators, and your user account. Note that I specified

> > > > DATA, there are application folders that require special permissions such as

> > > > SYSTEM etc.

> > > >

> > > > My general rule of thumb is that no one get full control with the exception

> > > > of owner and the local / domain admin account.

> > > >

> > > > > these have full rights, meaning all the boxes are ticked

> > > > --

> > > > David Davis [MCSE, CCNA, Security +]

> > > >

> > > >

> > > >

> > > > "Lisa" wrote:

> > > >

> > > > > Hi David, I have read every post you and David have posted re permissions

> > > > > i.e. parent and child inherient etc. I am not a newbie to the computer world

> > > > > but definitely not a Tech either:). My question is, my ex boyfriend (who

> > > > > works in the IT World) set up my computer. When I click properties--->

> > > > > security---> I have the usually Admin, My name etc, but there is a list so

> > > > > long, e.g. anonmyous user, remote access user, backup operator, etc. All

> > > > > these have full rights, meaning all the boxes are ticked. Could you please

> > > > > advise me if I have anything to worry about.

> > > > > Kind regards

> > > > > Lisa:)

> > > > >

> > > > > "David Davis" wrote:

> > > > >

> > > > > > Are your sharing permissions set to everyone, full control?

> > > > > > --

> > > > > > David Davis [MCSE, CCNA, Security +]

> > > > > >

> > > > > >

> > > > > >

> > > > > > "BrianB" wrote:

> > > > > >

> > > > > > > Hello,

> > > > > > >

> > > > > > > With the Advanced Security Settings Permissions (Traverse folder, List

> > > > > > > folder, Read attributes, Read extended attributes, and Read permissions -

> > > > > > > This folder only) why can't users map to a folder?

> > > > > > > All inheritable permissions and Replace permission entries are not checked.

> > > > > > >

> > > > > > > Users need to map to this folder then choose a sub-folder from a list.

> > > > > > > Users have Share permissions to use only some of the sub-folders and should

> > > > > > > not be able to browse or use the sub-folders they do not have other Share

> > > > > > > permissions to use.

> > > > > > > Users can map a drive to the sub-folders they have permissions to but we

> > > > > > > want to map a drive to the main folder so we don't end up mapping multiple

> > > > > > > drives per user.

> > > > > > >

> > > > > > > Thanks

> > > > > > > BrianB

 Share
Go to topic listing
×
×
  • Create New...