NTFS Permissions and shares

Discussion in 'Windows Vista / 7 / 8 Client Exams' started by Meltin, Sep 27, 2005.

  1. Meltin

    Meltin Bit Poster

    Hello...
    Just trying to get my head around NTFS permissions and shares on a workgroup. My understanding is that if you are not on a domain, i.e. in a workgroup, you can't use NTFS permissions to restrict user access by users on other machines to folders on your machine, and have to instead rely on share permissions. If this is the case, how do you assign access to user accounts on other machines in the share tab? On my machine the only location it is allowing me to select users from is the local machine.

    Sorry if this sounds confused but I am a bit!!

    Any advice will be welcome.


    John
     
    Certifications: A+, Network+,MCSA
    WIP: 70-297
  2. arvy

    arvy Bit Poster

    You use NTFS permissions to restrict users on local and remote machines.
    You use share permissions to restrict users from remote locations.
    Share permissions apply to folders on any type of file system.
    NTFS permissions apply to folders and files only on NTFS file systems.
    Generally, administrators share folders and files by sharing a folder, granting Full Control on the share to the Everyone group, and restricting access to the files by NTFS permissions.

    Hope that helps.
     
    Certifications: compTIA A+, MCP 70-270
    WIP: MCSE
  3. Meltin

    Meltin Bit Poster

    Thanks.... But what I can't understand is how to share a folder (in a workgroup environment) with a group or a user on another machine other than by using the Everyone group. In both the security tab and the sharing tab, when you go to add a user or group the location button is only offering the local machine.
    I'm probably being really dense here but...... lol

    John
     
    Certifications: A+, Network+,MCSA
    WIP: 70-297
  4. ffreeloader

    ffreeloader Terabyte Poster

    You have to create local user accounts for the remote users and give those accounts NTFS permissions.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Yes and just to add a little to what Freddy said, the accounts must have the same user name and *password* on all machines. It is the user name and password combination that is the key. So, in your workgroup of say three computers, create an account for your users on all three machines.

    In a domain, the user accounts are authenticated by a single machine, the DC (domain controller) and that issues a token to the client at log-in which is then used by the ACL (access control lists) etc to determine whether the user is allowed access to any given resource.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  6. Veteran's son

    Veteran's son Megabyte Poster

    Great answer, Bluerinse! 8)
     
    Certifications: A+
    WIP: N+
  7. ffreeloader

    ffreeloader Terabyte Poster

    Things won't necessarily work in all situations in the way you've described. If different users have different needs and restrictions to shares then different accounts have to be used. IIRC you can still create local groups and users in a workgroup, and a combination of these can be used for share and NTFS permissions to restrict/allow access as required/needed.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Agreed Freddy, but I didn't want to delve too deeply because I wanted to keep it straightforward so as not to confuse the OP.

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. ffreeloader

    ffreeloader Terabyte Poster

    You probably have a point, but I think this stuff should be learned to be done right the first time. It doesn't take any longer to learn it from the right perspective to tell the truth, and it helps cut down on insecurely configured systems, and people having to learn things the hard way the second time around. If you have time to learn it twice, you have time to learn it right the first time.

    MS taught this stuff for years with no thought to security practices, and the legacy they gave us is millions of insecurely configured systems. They should have been teaching it right from day one and a whole lot of problems out in the business world might have very well been avoided.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  10. Meltin

    Meltin Bit Poster

    Thanks for the help guys. So as long as a user on another PC in the workgroup has the same account name and password as one on the local machine they can use the permissions assigned to that local account?
     
    Certifications: A+, Network+,MCSA
    WIP: 70-297
  11. ffreeloader

    ffreeloader Terabyte Poster

    Yup. That's about it. If you create a local group and place the users in it you can assign the share permissions by that, and then either use different groups or specific user accounts for the NTFS permissions.

    It's almost always advisable to use group permissions as then all you have to do is add or delete users from the groups. You don't end up changing your actual NTFS permissions all the time. It's much easier to keep track of that way.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
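
The setup the thread arrives at (matching local accounts on the sharing PC, a local group that carries the share permission, NTFS permissions on the folder), as an added PowerShell example that is not part of any poster's reply. It assumes an elevated PowerShell 5.1+ session on an English-language Windows 10/11 machine; the group, user, share and path names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. ProjectUsers, alice, bob and C:\Shares\Projects are hypothetical names.

$GroupName = 'ProjectUsers'
$ShareName = 'Projects'
$SharePath = 'C:\Shares\Projects'
$Users     = 'alice', 'bob'   # same account names these people log on with on their own PCs

# 1. Local group that carries the permissions, so later changes are group membership only.
if (-not (Get-LocalGroup -Name $GroupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $GroupName -Description 'Workgroup users of the Projects share' | Out-Null
}

# 2. Local accounts mirroring the remote users. The password must match the one on the
#    user's own PC; prompting keeps it out of the script and the command history.
foreach ($u in $Users) {
    if (-not (Get-LocalUser -Name $u -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -AsSecureString -Prompt "Password for $u (same as on their own PC)"
        New-LocalUser -Name $u -Password $pw | Out-Null
    }
    if (-not (Get-LocalGroupMember -Group $GroupName -Member $u -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group $GroupName -Member $u
    }
}

# 3. NTFS permissions: drop inherited entries, then grant Modify to the group only
#    (plus Administrators and SYSTEM so the folder stays manageable).
New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
icacls $SharePath /inheritance:r /grant:r 'Administrators:(OI)(CI)F' 'SYSTEM:(OI)(CI)F' "${GroupName}:(OI)(CI)M"

# 4. Share permissions: granted to the group rather than to Everyone.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath -ChangeAccess $GroupName -FullAccess 'Administrators' | Out-Null
}

# 5. Review both layers. Over the network the more restrictive of the two applies.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessControlType, AccessRight
icacls $SharePath
```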
