Folder Shares: question about security

[Rob]

Hello,

When I share a folder, I see two tabs in the properties window: Sharing and
Security. In the Sharing tab, there's the Permissions button that allows me
to add users to access this shared folder, and then in the Security tab it
allows me to do the same with more granular options.

What is the difference between these two security models? If I were to
simply grant a user in the same domain to access a shared folder, which of
these two options should I use. On a side note, what if the user belongs to
another (but trusted) domain, would it still be possible for that user to
access the share?

Thank you.

 

[RichGK]

Re: Folder Shares: question about security

On 14 Apr, 15:46, Rob <R...@discussions.microsoft.com> wrote:
> Hello,
>
> When I share a folder, I see two tabs in the properties window: Sharing and
> Security. In the Sharing tab, there's the Permissions button that allows me
> to add users to access this shared folder, and then in the Security tab it
> allows me to do the same with more granular options.
>
> What is the difference between these two security models? If I were to
> simply grant a user in the same domain to access a shared folder, which of
> these two options should I use. On a side note, what if the user belongs to
> another (but trusted) domain, would it still be possible for that user to
> access the share?
>
> Thank you.

Common (best) practice is to set Share Permissions for Everyone to
full control and then use NTFS security to provide the restrictive
access you require.

If using a FAT drive you only have access to share permissions, in
this case you need to know the limitations (of which there are
plenty).

If mixing share permissions and NTFS security (which is not a good
idea if only because you don't need to) then the share permissions
will be the most restrictive.