Guest Scott Posted March 20, 2008 Posted March 20, 2008 Where can I find the most up-to-date detailed guidance for best practice NTFS and Share permissions for User Home Directories and Roaming Profiles as well as how to use the sometimes daunting and confusing GUI interface for modifying permissions which actually highlights pitfalls and how to avoid them?
Guest lforbes Posted March 21, 2008 Posted March 21, 2008 RE: Best Practice NTFS & Share Permissions Document Profiles and Homed Hi, I am not sure what specifics you are looking for. However, in my Domain I leave ALL my share permissions as Everyone=Full Control and set everything via NTFS permissions. I have never found a need to set Share Permissions when I use NTFS permissions. I never give Everyone, or Creator/Owner access to any folders. I only share directories where the users have some type of read or write access too like profiles, home directories and shared directories. Any admin related directories I share with a $ at the end to make them hidden and then give only Administrators and System NTFS access (removing all other groups/users). I am not sure what is daunting about the NTFS GUI tab. Seems pretty straight forward to me unless you are trying to get into some specific advanced permissions. Cheers, Lara "Scott" wrote: > Where can I find the most up-to-date detailed guidance for best practice NTFS > and Share permissions for User Home Directories and Roaming Profiles as well > as how to use the sometimes daunting and confusing GUI interface for > modifying permissions which actually highlights pitfalls and how to avoid > them?
Guest Anteaus Posted March 21, 2008 Posted March 21, 2008 RE: Best Practice NTFS & Share Permissions Document Profiles and H RE: Best Practice NTFS & Share Permissions Document Profiles and H Have to say I do the opposite, and use share permissions. The exception is where individual users need specific rights, such as on home folders, as this would be too painstaking to set-up with individual shares. The one thing to avoid IMHO is using the share-management snap-in, which sets both kinds of permissions at the same time, creating a very confusing situation. Stick to one or the other. If you create your shares with Explorer or the NET command you avoid this duplication. > I am not sure what specifics you are looking for. However, in my Domain I > leave ALL my share permissions as Everyone=Full Control and set everything > via NTFS permissions. I have never found a need to set Share Permissions > when I use NTFS permissions. I never give Everyone, or Creator/Owner access > to any folders. > > Cheers, > Lara
Guest lforbes Posted March 21, 2008 Posted March 21, 2008 RE: Best Practice NTFS & Share Permissions Document Profiles and H RE: Best Practice NTFS & Share Permissions Document Profiles and H The thing is Share permissions give no local security access. With NTFS permissions they give security at both the local level and at the outside level access. Share permissions only protect from outside. For me I would rather the full-security if I have to choose. I don't share anything that doesn't need to be accessed by users, except my home folder, so I have no need to use Share Permissions. Cheers, Lara Also NTFS is a one stop tab. "Anteaus" wrote: > Have to say I do the opposite, and use share permissions. The exception is > where individual users need specific rights, such as on home folders, as this > would be too painstaking to set-up with individual shares. > > The one thing to avoid IMHO is using the share-management snap-in, which > sets both kinds of permissions at the same time, creating a very confusing > situation. Stick to one or the other. If you create your shares with > Explorer or the NET command you avoid this duplication. > > > I am not sure what specifics you are looking for. However, in my Domain I > > leave ALL my share permissions as Everyone=Full Control and set everything > > via NTFS permissions. I have never found a need to set Share Permissions > > when I use NTFS permissions. I never give Everyone, or Creator/Owner access > > to any folders. > > > > > Cheers, > > Lara >
Guest Scott Posted March 22, 2008 Posted March 22, 2008 RE: Best Practice NTFS & Share Permissions Document Profiles and Homed I appreciate the comments, but I am looking specifically for the kb articles or technical white papers which spell out the best practices. Can someone please provide me with the URL's? "Scott" wrote: > Where can I find the most up-to-date detailed guidance for best practice NTFS > and Share permissions for User Home Directories and Roaming Profiles as well > as how to use the sometimes daunting and confusing GUI interface for > modifying permissions which actually highlights pitfalls and how to avoid > them?
Guest JohnB Posted March 22, 2008 Posted March 22, 2008 Re: Best Practice NTFS & Share Permissions Document Profiles and Homed This is a good article on that subject: http://www.windowsecurity.com/articles/Share-Permissions.html It only covers the basics, but it's pretty good. I, in particular, agree with what he says about Authenticated Users; I use that on a share instead of Everyone. And he explains why it's a good reason to do it that way. This is a TechNet article that covers Roaming Profiles, Folder Redirection, and Folder Shares: http://technet.microsoft.com/en-us/library/bb457104.aspx HTH "Scott" <Scott@discussions.microsoft.com> wrote in message news:9800503B-EECD-43F2-AF9D-BAA7A9AB2B56@microsoft.com... >I appreciate the comments, but I am looking specifically for the kb >articles > or technical white papers which spell out the best practices. Can someone > please provide me with the URL's? > > "Scott" wrote: > >> Where can I find the most up-to-date detailed guidance for best practice >> NTFS >> and Share permissions for User Home Directories and Roaming Profiles as >> well >> as how to use the sometimes daunting and confusing GUI interface for >> modifying permissions which actually highlights pitfalls and how to avoid >> them?
Guest Brains,None Posted March 25, 2008 Posted March 25, 2008 Re: Best Practice NTFS & Share Permissions Document Profiles andH Re: Best Practice NTFS & Share Permissions Document Profiles andH What I do is to take the EVERYONE off the share, and put in AUTHENTICATED USERS (or whatever it's spelled) and do all else from the NTFS permissions... that way, casual people can't fiddle and see. j. lforbes wrote: > The thing is Share permissions give no local security access. With NTFS > permissions they give security at both the local level and at the outside > level access. Share permissions only protect from outside. > > For me I would rather the full-security if I have to choose. I don't share > anything that doesn't need to be accessed by users, except my home folder, so > I have no need to use Share Permissions. > > Cheers, > Lara > > Also NTFS is a one stop tab. > > "Anteaus" wrote: > >> Have to say I do the opposite, and use share permissions. The exception is >> where individual users need specific rights, such as on home folders, as this >> would be too painstaking to set-up with individual shares. >> >> The one thing to avoid IMHO is using the share-management snap-in, which >> sets both kinds of permissions at the same time, creating a very confusing >> situation. Stick to one or the other. If you create your shares with >> Explorer or the NET command you avoid this duplication. >> >>> I am not sure what specifics you are looking for. However, in my Domain I >>> leave ALL my share permissions as Everyone=Full Control and set everything >>> via NTFS permissions. I have never found a need to set Share Permissions >>> when I use NTFS permissions. I never give Everyone, or Creator/Owner access >>> to any folders. >>> >>> Cheers, >>> Lara
Recommended Posts