1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

70-270 Share permissions

Discussion in 'Windows Vista / 7 / 8 Client Exams' started by salv236, Jun 9, 2010.

  1. salv236

    salv236 Nibble Poster

    57
    0
    23
    Hello,

    i am currently studying the topic concerning share permissions, i see that you can setup multiple share names for the sane folder and applying different share permissions.

    What i am finding difficulty understanding is why you would need such a requirement in the real world, can anyone picture a scenario?

    Thanks for any assistance.

    Best Regards

    Salv236
     
    Certifications: none
    WIP: MCSE XP/2K3
  2. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Are you meaning users?

    You might want one user to be able to everything on one part of the network but not allow them to do everything on another part of the network.

    If you mean folders then it can be a bit complex there are two different types NTFS and share.

    share only has 3 options and full control, change and read. The problem with shared folders is that it is set to everyone and read and this is why alot of time when you access a folder everyone else can too but they cant do anything and using share is a bad idea because you dont want every shared folder to be set to read and you don't want eveyrone to be able to see it either. So this is why NTFS permissions come in because you can set NTFS permissions to be accessed by certain groups and set it so those groups are only allowed to do what you want them to do. If I am correct all in all NTFS permission allow 14 different permissions for example you can allow a user to have full control or another to modify the contents you may allow someone to list the contents but not allow them to change the contents.

    If you do a backup with NTFS or change the folders names then the NTFS permissions still apply with share they do not so from a security point of view NTFS should always be used.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. Simonvm

    Simonvm Kilobyte Poster

    472
    13
    41
    Suppose you have a network that spans over two sites in different countries, speaking two different languages.
    They both work on similar files, that should ultimately end up in the same folder on a central server in company HQ.
    Sharing the folder in both languages (two shares, same destination) could make it easier on the users and you'd still have the files from both locations in one folder.
    You can tighten it down with the different permissions, e.g. giving one group read-only accesss. Ofcourse that could also be done with just one share...

    Does that scenario make sense?
     
    Last edited: Jun 9, 2010
    Certifications: MCITP: EST, MCDST, MCTS, A+, N+, CCNP, CCNA Wireless
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Handy if you are migrating to new share names. You can keep the old one live while mapped drives are being sorted on users desktops.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    1. modifying a share when its in use

    2. Also you may wish to separate permissions logically under different share names
     
    Certifications: Loads
    WIP: Lots
  6. xmojo

    xmojo Nibble Poster

    89
    1
    5
    And yet the study guides I've read state that in real-world practice, folder shares are just an extra burden on the administrator to manage properly, and just about all admins give full access to Everyone group to a folder, and just use NTFS permissions to do the real grunt work of fine-tuning access. Just one example of Microsoft over-complicating matters. Sadly, we still need to learn about folder share for the sake of the exam.
     
  7. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    yeap.. we still need to know.

    .....also using share permissions is the only way to secure shares for FAT/FAT32 volumes. Again you rarely see this

    however, having admin experience as a recommend pre-request for the 270 you should know this :wink:
     
    Last edited: Jun 9, 2010
    Certifications: Loads
    WIP: Lots
  8. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    The thing is... you don't always have the luxury of administering or troubleshooting a network where everything was done using real-world best practices! If you don't understand how it works when it's NOT set up correctly, you won't recognize it when you encounter it.

    So... instead of lamenting how sad it is you have to learn it, just learn it with the knowledge that you might (and probably WILL) see it in the real-world someday.

    EDIT: Tell me this... do you know why admins give full access to Everyone on the share and use NTFS permissions to restrict access? There's a specific reason for doing it that way, not just "because that's how it works"...
     
    Last edited: Jun 9, 2010
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  9. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    more secure, more robust?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  10. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Nope... :)

    Think about in which situations share and NTFS permissions are used, and you'll have your answer.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    consistency between network and local users
    also easier to manage
     
    Last edited: Jun 9, 2010
    Certifications: Loads
    WIP: Lots
  12. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Neither's what I'm looking for. Why don't we set permissions on the share and allow Everyone NTFS access? That'd be just as easy to manage... but why don't we do that?
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  13. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I'll have one more go

    share permissions work over the network but not locally so its best to set share permissions with authenticated users having full control and use NTFS to do the standard permissions for each group
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  14. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    WINNER! :biggrin

    The reason why we study both NTFS *and* Share permissions is because it is NOT done the best-practice way in many environments. If you don't recognize the symptoms, you can't treat the disease.
     
    Last edited: Jun 9, 2010
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  15. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    lol I thought it had be to do with resources and troubleshooting but wasn't sure at first.

    BTW before anyone says I didn't read that out of the book, my book still got the selafane over it.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  16. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Doesn't matter if you read it or Googled it or asked your buddy... the point is that you figured out the answer as to why we set it one way versus setting it the other. ;)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  17. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    yeah suppose not, I was actually doing some of this the other day so should have got it first time around.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  18. supernova

    supernova Gigabyte Poster

    1,422
    21
    80
    not a single point but i'll let you off :D problem is i can think of 999 (not literally) reasons


    I was also going add to a previous post you need to know about share permissions because you actually have to change them for that scenario as the default now a days is read only. :D
     
    Last edited: Jun 10, 2010
    Certifications: Loads
    WIP: Lots
  19. supernova

    supernova Gigabyte Poster

    1,422
    21
    80

    I am sure its covered in the MCDST books aswell :D

    [update] yeah it is
     
    Last edited: Jun 10, 2010
    Certifications: Loads
    WIP: Lots

Share This Page

Loading...