Best Practice NTFS & Share Permissions Document Profiles and Homed

[Guest Scott]

Where can I find the most up-to-date detailed guidance for best practice NTFS

and Share permissions for User Home Directories and Roaming Profiles as well

as how to use the sometimes daunting and confusing GUI interface for

modifying permissions which actually highlights pitfalls and how to avoid

them?

[Guest lforbes]

RE: Best Practice NTFS & Share Permissions Document Profiles and Homed

 

Hi,

 

I am not sure what specifics you are looking for. However, in my Domain I

leave ALL my share permissions as Everyone=Full Control and set everything

via NTFS permissions. I have never found a need to set Share Permissions

when I use NTFS permissions. I never give Everyone, or Creator/Owner access

to any folders.

 

I only share directories where the users have some type of read or write

access too like profiles, home directories and shared directories.

 

Any admin related directories I share with a $ at the end to make them

hidden and then give only Administrators and System NTFS access (removing all

other groups/users).

 

I am not sure what is daunting about the NTFS GUI tab. Seems pretty straight

forward to me unless you are trying to get into some specific advanced

permissions.

 

Cheers,

Lara

 

"Scott" wrote:

> Where can I find the most up-to-date detailed guidance for best practice NTFS

> and Share permissions for User Home Directories and Roaming Profiles as well

> as how to use the sometimes daunting and confusing GUI interface for

> modifying permissions which actually highlights pitfalls and how to avoid

> them?

[Guest Anteaus]

RE: Best Practice NTFS & Share Permissions Document Profiles and H

 

RE: Best Practice NTFS & Share Permissions Document Profiles and H

 

Have to say I do the opposite, and use share permissions. The exception is

where individual users need specific rights, such as on home folders, as this

would be too painstaking to set-up with individual shares.

 

The one thing to avoid IMHO is using the share-management snap-in, which

sets both kinds of permissions at the same time, creating a very confusing

situation. Stick to one or the other. If you create your shares with

Explorer or the NET command you avoid this duplication.

> I am not sure what specifics you are looking for. However, in my Domain I

> leave ALL my share permissions as Everyone=Full Control and set everything

> via NTFS permissions. I have never found a need to set Share Permissions

> when I use NTFS permissions. I never give Everyone, or Creator/Owner access

> to any folders.

>

> Cheers,

> Lara

[Guest lforbes]

RE: Best Practice NTFS & Share Permissions Document Profiles and H

 

RE: Best Practice NTFS & Share Permissions Document Profiles and H

 

The thing is Share permissions give no local security access. With NTFS

permissions they give security at both the local level and at the outside

level access. Share permissions only protect from outside.

 

For me I would rather the full-security if I have to choose. I don't share

anything that doesn't need to be accessed by users, except my home folder, so

I have no need to use Share Permissions.

 

Cheers,

Lara

 

Also NTFS is a one stop tab.

 

"Anteaus" wrote:

> Have to say I do the opposite, and use share permissions. The exception is

> where individual users need specific rights, such as on home folders, as this

> would be too painstaking to set-up with individual shares.

>

> The one thing to avoid IMHO is using the share-management snap-in, which

> sets both kinds of permissions at the same time, creating a very confusing

> situation. Stick to one or the other. If you create your shares with

> Explorer or the NET command you avoid this duplication.

>

> > I am not sure what specifics you are looking for. However, in my Domain I

> > leave ALL my share permissions as Everyone=Full Control and set everything

> > via NTFS permissions. I have never found a need to set Share Permissions

> > when I use NTFS permissions. I never give Everyone, or Creator/Owner access

> > to any folders.

> >

>

> > Cheers,

> > Lara

>

[Guest Scott]

RE: Best Practice NTFS & Share Permissions Document Profiles and Homed

 

I appreciate the comments, but I am looking specifically for the kb articles

or technical white papers which spell out the best practices. Can someone

please provide me with the URL's?

 

"Scott" wrote:

> Where can I find the most up-to-date detailed guidance for best practice NTFS

> and Share permissions for User Home Directories and Roaming Profiles as well

> as how to use the sometimes daunting and confusing GUI interface for

> modifying permissions which actually highlights pitfalls and how to avoid

> them?

[Guest JohnB]

Re: Best Practice NTFS & Share Permissions Document Profiles and Homed

 

This is a good article on that subject:

http://www.windowsecurity.com/articles/Share-Permissions.html

It only covers the basics, but it's pretty good.

 

I, in particular, agree with what he says about Authenticated Users; I use

that on a share instead of Everyone. And he explains why it's a good reason

to do it that way.

 

This is a TechNet article that covers Roaming Profiles, Folder Redirection,

and Folder Shares:

http://technet.microsoft.com/en-us/library/bb457104.aspx

 

HTH

 

 

 

 

"Scott" <Scott@discussions.microsoft.com> wrote in message

news:9800503B-EECD-43F2-AF9D-BAA7A9AB2B56@microsoft.com...

>I appreciate the comments, but I am looking specifically for the kb

>articles

> or technical white papers which spell out the best practices. Can someone

> please provide me with the URL's?

>

> "Scott" wrote:

>

>> Where can I find the most up-to-date detailed guidance for best practice

>> NTFS

>> and Share permissions for User Home Directories and Roaming Profiles as

>> well

>> as how to use the sometimes daunting and confusing GUI interface for

>> modifying permissions which actually highlights pitfalls and how to avoid

>> them?

[Guest Brains,None]

Re: Best Practice NTFS & Share Permissions Document Profiles andH

 

Re: Best Practice NTFS & Share Permissions Document Profiles andH

 

What I do is to take the EVERYONE off the share, and put in

AUTHENTICATED USERS (or whatever it's spelled)

 

and do all else from the NTFS permissions...

 

that way, casual people can't fiddle and see.

 

j.

 

 

lforbes wrote:

> The thing is Share permissions give no local security access. With NTFS

> permissions they give security at both the local level and at the outside

> level access. Share permissions only protect from outside.

>

> For me I would rather the full-security if I have to choose. I don't share

> anything that doesn't need to be accessed by users, except my home folder, so

> I have no need to use Share Permissions.

>

> Cheers,

> Lara

>

> Also NTFS is a one stop tab.

>

> "Anteaus" wrote:

>

>> Have to say I do the opposite, and use share permissions. The exception is

>> where individual users need specific rights, such as on home folders, as this

>> would be too painstaking to set-up with individual shares.

>>

>> The one thing to avoid IMHO is using the share-management snap-in, which

>> sets both kinds of permissions at the same time, creating a very confusing

>> situation. Stick to one or the other. If you create your shares with

>> Explorer or the NET command you avoid this duplication.

>>

>>> I am not sure what specifics you are looking for. However, in my Domain I

>>> leave ALL my share permissions as Everyone=Full Control and set everything

>>> via NTFS permissions. I have never found a need to set Share Permissions

>>> when I use NTFS permissions. I never give Everyone, or Creator/Owner access

>>> to any folders.

>>>

>>> Cheers,

>>> Lara