0

Been trying something that seemed easy but apparently isn't.

I have a shared folder in a domain network. I set share permissions for everyone as read only. No other permissions are set.

Then I tab over to "security" to manage NTFS permissions. I have a local group with a few members in it. This group has read, write, modify permissions.

All users only get to the share by mapping it as a network drive.

Unfortunately it appears that all my local group members also are inheriting the more restrictive permissions from "everyone".

How can I let everyone read but limit modify to a subset I manage locally?

Thanks

Improve this question

1 Answer 1

Reset to default
1

The effective permissions are the combination of the SHARE permissions and the NTFS permissions combined. With the most restrictive permissions being used. So if you have read-only on the share, then nothing you do in NTFS ACLs is going to grant a user more access the read-only. The opposite is also true. If you have the NTFS ACLs set to read-only, then granting full control on the share will still result in on read-only access.

You must permuted access at both the NTFS ACLs and on the share ACL. They are two separate checks.

Think of it as two separate security guards that check your credentials. Neither guard will grant you more access then what that particular is instructed to grant. Guard A will not grant you special access just because Guard B might trust you.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .