It's a matter of preference I suppose. With 1000+ users scattered across 20+ locations we leave the shares open and control access at the file/folder level only. Hidden shares are used for the more sensitive items (although not home folders).
In my smaller environment home folders are hidden, the rest open at the share level, controlled again at file/folder level. Sounds like a MCSE test question except there is really no "right" answer, only preferences. Thirty six ways to do the same thing.... Dave Lum - [EMAIL PROTECTED] Sr. Network Specialist - Textron Financial 503-675-5510 -----Original Message----- From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] Sent: Monday, December 30, 2002 08:24 AM To: NT 2000 Discussions Subject: RE: Possible STUPID NTFS Question I disagree. Using both sets of permissions (share and file) is a more effective way to manage resources, rather than letting everyone connect to every share, only to find that they can't access anything below it. There are very few shares that I'll leave with "EVERYONE:F" on them. ============================================================== ASB - http://www.ultratech-llc.com/KB/?File=Perms.TXT ============================================================== -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mustafa Ibrahim Sent: Monday, December 30, 2002 10:23 AM To: NT 2000 Discussions Subject: RE: Possible STUPID NTFS Question It is best you don't mix Share permissions with NTFS. It can be impossible to manage as it can cause confusion. Usually we'd assign full share permission to authenticated users, and lockdown the NTFS permissions. I would highly recommend this. If what you want is to hide folders, it is much more sensible to use hidden shares and just map a drive directly to that folder. I hope this helps. Good luck. -----Original Message----- From: Chris H [mailto:[EMAIL PROTECTED]] Sent: 30 December 2002 14:45 To: NT 2000 Discussions Subject: Possible STUPID NTFS Question I have never actually had to do this before (but I do now thanks to my boss! :) Can you set up NTFS permission so if there are a group of folders in the root of a shared folder, a group has CHANGE SHARE permissions and then CHANGE FOLDER permissions on ONE of the folders but not even SEE (LIST?) the rest of the folders? I have tried selecting the rest and setting DENY on every option but you can still list them and see them. Ideas? Am I missing something stupid? Windows 2000 server sp3 Thanks! Chris ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
