Windows Shared Files Permissions

Share permissions vs NTFS(file) permissions

NTFS permissions are used to manage access to the files and folders that are stored in NTFS file systems. They are always effective no matter what path/UNC you use but need to be applied to each and every file/folder and this can take a lot of time if you have a lot of them or working on a slow file system (e.g. a DFSReplicated filesystem).

When you share a folder using a UNC like \\server\shared1 then users viewing files using that specific UNC (\\server\shared1\...) can also be restricted by what are called share permissions. The share permissions are applied instantaneously, are effective for all subfolders/files within the share but are of-course in effect only when users access the files/folders using that specific UNC (in case you wonder: you can have the same file accessible via different UNCs if you share a folder and then go ahead and also share one of its sub-folders. Then files under the sub-folder are accessible from both UNCs).

BE VERY CAREFUL THOUGH: Un-intuitively going to right click -> properties -> sharing will show you the access rights for the NTFS folder that is shared and not for the share itself. To go to the access rights for a share itself you should instead right click -> properties -> advanced sharing -> rights. In the screenshot below the upper part shows the access rights for the share and the lower part the access rights for the folder.

Which is better?

Try to force the client to follow the following rules. Most of the times they can but will not realize/admit it initially.
  1. Always prefer share permissions.
  2. If you REALLY need a few exceptions where some people have less access to some files you may use NTFS permissions.
  3. If you think you really need complex permissionsthat can't be expressed via simple share permissions, first stop and make sure there's really no way to remove the complexity (remember that complexity and security rarely mix well). If there is not, then go ahead and use NTFS permissions. You've been warned.
If you are unlucky and you have to use complex NTFS permissions: 1) try to minimize the complexity (e.g. avoid as many exceptions and corner cases) 2) always prefer to work on directories instead of files.

How to view/edit

How to view/edit SHARE permissions

3cf1f06f198c99df06642ed31574d71d.png

How to view/edit FILE/NTFS permissions

See also WindowsFileAccessRights

I Attachment Action Size Date Who Comment
3cf1f06f198c99df06642ed31574d71d.pngpng 3cf1f06f198c99df06642ed31574d71d.png manage 197 K 21 Apr 2020 - 08:08 Main.NickDemou Auto-attached by ImagePlugin
63ed47d36a380a2fd618963a13940481.pngpng 63ed47d36a380a2fd618963a13940481.png manage 42 K 21 Apr 2020 - 08:09 Main.NickDemou Auto-attached by ImagePlugin
b81e783b5e86f6ec8700f5fb1fec8fcc.pngpng b81e783b5e86f6ec8700f5fb1fec8fcc.png manage 131 K 04 Feb 2019 - 14:12 Main.NickDemou Auto-attached by ImagePlugin
This topic: KnowledgeBase > WindowsFileSharingRights
Topic revision: 21 Apr 2020, NickDemou
Copyright © enLogic