dubaisans dubai wrote:
I have read that the best way to allocate permissions for shared
folders is - Share the folder . Give Share-Permissions as " Everyone
Full Control" and give the specific Allow/Deny permissions in the NTFS
tab.
Is there any insecurity in giving Share-permissions as Full control
and only specifying the NTFS permissions accurately ?
If no insecurities , why is Windows giving us the facility to give
permissions in 2 places and making it confusing?
Giving the share Full permissions and controlling access to files/directories with NTFS
permissions is a valid way of easing administrative burden, and presents no particular
threat, though I'd personally lock down the share permissions by at least removing the
Everyone entry and replacing it with a named group, such as Domain Users, or something
like that.
Why is it there? AFAICT, it's because of the legacy of Win9x and earlier, which had no
concept of file/directory permissions.
Kurt
