Full access at share level and permissions at the OS level would be the best recommended method to control security. However, if you have a few terabytes of data (on a SAN or NAS) then you should consider creating a local group and apply permissions to the folder. Then on the local group add the desired groups/users from the domain. This will help if you decide to add remove people or groups from the domain and avoid having to re-apply permissions to all files, subdirectories, etc which can take you hours!
Good luck. Manuel Fernandes, CISSP/MCP Information Systems/Security Consultant [EMAIL PROTECTED] "Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works." ---- Excerpt from RFC 1925 -----Original Message----- From: Benjamin Meade [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 12:10 AM To: 'Security-Basics' Hey all, Just wondering in Win2K server, when I share a folder, I set the share permissions to full access for everybody, and then control access using the file permissions. (Basically cos it cuts down on administration, and I'm lazy.) Are there any security issues running this way, or is it much of a muchness? Thanks, Benjamin Meade System Administrator LanWest Pty Ltd Ph: (08) 9440 3033 Fax: (08) 9440 3370 --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
