|
Posted by Asher_N on January 12, 2006, 12:11 pm
Please log in for more thread options
Yes. If you only give 'Read' NTFS rights to an object, that's all they
get regardless of the share rights. That is quite common. For example, I
have a share that contains department and company folders. Everybody has
'Modify' and 'Read' rights to the share. I then control access with NTFS
permissions. Furthermore, if you have R2, or install the Access based
enumeration tool on W2K3 SP1, the users only see objects that they have
rights to. ABE can be found here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-
4342-A485-B030AC442084&displaylang=en
@TK2MSFTNGP12.phx.gbl:
> Hmm... I can check that out. But let me ask this: So say they have
> Change access on the share -BUT- there are files in the share that I do
> NOT want a person to have write access to (such as control files)? If I
> give them change access to the share, can I then restrict that access
> to those particular files in the share?
>
> Asher_N wrote:
>
>> Do they have 'Change' rights on the permissions of the sg=hare?
>> Windows will apply the most restrictive of the share and NTFS rights
>> so even if the user has fukk control of a folder as far as NTFS
>> (Security tab) is concerned, if he only has 'Read' right to the
>> share, he will not be able to do anything but read.
>>
>> @TK2MSFTNGP11.phx.gbl:
>>
>> > Ondrej Sevecek wrote:
>> >
>> >> did you checked the "Sharing" tab of the folder and checked the
>> >> "Permissions" buttong the the tab?
>> >>
>> >> O.
>> >>
>> >>
>> >> > We have a Windows 2003 server which is on our corporate domain. I
>> >> > created a shared folder on one of the server drives, and then
>> >> > created other folders and files within that share area. I then
>> gave >> > an individual read/write/create rights to certain files and
>> folders >> > in that share area. However, that person can read files
>> in that >> > area but cannot seem to update or write to files/folders
>> even >> > though they have been given access to those files/folders!
>> Both the >> > server and the user are on the same domain. I even went
>> so far as >> > to give this individual 'FULL CONTROL' access to the
>> appropriate >> > files/folders, but they still cannot write anything!
>> The ONLY way I >> > can give them access to write to this area is to
>> set them up as >> > local admin users on the server, with is
>> something I do NOT want to >> > do!
>> >> >
>> >> > I know I have done this before, and it is a simple thing to do
>> >> > (using File...Properties...Security tab on the file/folder via
>> >> > Explorer) but for some bizarre reason it isn't working now.
>> Anyone >> > have any ideas as to what is going on here? Thanks.
>> >> >
>> >> > Tom
>> >> >
>> >> >
>> >> >
>> >> > --
>> >
>> > Ondrej: Yes, it is shared properly, and the appropriate people have
>> > been added to the permissions for that share. Again, those who can
>> > access it can read things without any problem; it is just trying to
>> > write or change things that they cannot do (even though they have
>> > access to that folder/file).
>> >
>> > Tom
>> >
>
>
>
| 
XML Sitemap