UEU-co logo


Previous Page Next Page

Mixing Share and NTFS Permissions

Having two different sets of permissions—share and NTFS—to protect folders and files can lead to some confusion because these permissions interact to determine a user or group’s access to a particular object. Basically, the share permissions enable you to interact with the share (the folder), and the NTFS permissions determine what you can do with the files in that share (when both types of permissions have been used).

Because both NTFS permissions and share permissions can be assigned to a folder, the resulting access level that a user or group has is the most restrictive permission provided by the combined settings. For example, if the user’s group membership gives Read permissions based on NTFS permissions, but another group membership provides Full Control based on share permissions, the user has only Read permissions. The most restrictive permission provides the final access level.

When planning how you want to supply access to shares on the network, determine how you will use group membership to determine an individual user’s access to a particular folder or file. A good rule of thumb is to assign only the minimum level of access that a user needs to get the job done in relation to a particular folder or file.

You might also want to use share permissions to control folder access, but then use NTFS permissions to drill down your security settings to the file level. However you determine to use these different permission possibilities, make sure that you create a written plan that provides guidelines for how permissions are assigned to the groups and users present on your network.

Previous Page Next Page

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.


apply_nowPepperstone Group Limited