70-270 Share permissions

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello,

i am currently studying the topic concerning share permissions, i see that you can setup multiple share names for the sane folder and applying different share permissions.

What i am finding difficulty understanding is why you would need such a requirement in the real world, can anyone picture a scenario?

Thanks for any assistance.

Best Regards

Salv236

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Are you meaning users?

You might want one user to be able to everything on one part of the network but not allow them to do everything on another part of the network.

If you mean folders then it can be a bit complex there are two different types NTFS and share.

share only has 3 options and full control, change and read. The problem with shared folders is that it is set to everyone and read and this is why alot of time when you access a folder everyone else can too but they cant do anything and using share is a bad idea because you dont want every shared folder to be set to read and you don't want eveyrone to be able to see it either. So this is why NTFS permissions come in because you can set NTFS permissions to be accessed by certain groups and set it so those groups are only allowed to do what you want them to do. If I am correct all in all NTFS permission allow 14 different permissions for example you can allow a user to have full control or another to modify the contents you may allow someone to list the contents but not allow them to change the contents.

If you do a backup with NTFS or change the folders names then the NTFS permissions still apply with share they do not so from a security point of view NTFS should always be used.

 

Suppose you have a network that spans over two sites in different countries, speaking two different languages.
They both work on similar files, that should ultimately end up in the same folder on a central server in company HQ.
Sharing the folder in both languages (two shares, same destination) could make it easier on the users and you'd still have the files from both locations in one folder.
You can tighten it down with the different permissions, e.g. giving one group read-only accesss. Ofcourse that could also be done with just one share...

Does that scenario make sense?

 

1. modifying a share when its in use

2. Also you may wish to separate permissions logically under different share names

 

And yet the study guides I've read state that in real-world practice, folder shares are just an extra burden on the administrator to manage properly, and just about all admins give full access to Everyone group to a folder, and just use NTFS permissions to do the real grunt work of fine-tuning access. Just one example of Microsoft over-complicating matters. Sadly, we still need to learn about folder share for the sake of the exam.

 

yeap.. we still need to know.

.....also using share permissions is the only way to secure shares for FAT/FAT32 volumes. Again you rarely see this

however, having admin experience as a recommend pre-request for the 270 you should know this

 

The thing is... you don't always have the luxury of administering or troubleshooting a network where everything was done using real-world best practices! If you don't understand how it works when it's NOT set up correctly, you won't recognize it when you encounter it.

So... instead of lamenting how sad it is you have to learn it, just learn it with the knowledge that you might (and probably WILL) see it in the real-world someday.

EDIT: Tell me this... do you know why admins give full access to Everyone on the share and use NTFS permissions to restrict access? There's a specific reason for doing it that way, not just "because that's how it works"...

 

more secure, more robust?

 

Nope...

Think about in which situations share and NTFS permissions are used, and you'll have your answer.

 

consistency between network and local users
also easier to manage

 

Neither's what I'm looking for. Why don't we set permissions on the share and allow Everyone NTFS access? That'd be just as easy to manage... but why don't we do that?

 

I'll have one more go

share permissions work over the network but not locally so its best to set share permissions with authenticated users having full control and use NTFS to do the standard permissions for each group

 

WINNER!

The reason why we study both NTFS *and* Share permissions is because it is NOT done the best-practice way in many environments. If you don't recognize the symptoms, you can't treat the disease.

 

lol I thought it had be to do with resources and troubleshooting but wasn't sure at first.

BTW before anyone says I didn't read that out of the book, my book still got the selafane over it.

 

Doesn't matter if you read it or Googled it or asked your buddy... the point is that you figured out the answer as to why we set it one way versus setting it the other. ;)

 

yeah suppose not, I was actually doing some of this the other day so should have got it first time around.

 

not a single point but i'll let you off problem is i can think of 999 (not literally) reasons


I was also going add to a previous post you need to know about share permissions because you actually have to change them for that scenario as the default now a days is read only.

 

I am sure its covered in the MCDST books aswell

[update] yeah it is