Home page logo
/

basics logo Security Basics mailing list archives

RE: Windows Sharing File Permissions
From: "Scalcione.David" <SCALCIONED () YANB com>
Date: Tue, 11 Dec 2007 12:15:09 -0500

Al,

The permissions in the share permissions tab apply to the share. The permissions in the security tab are file/directory 
permissions. The share permissions apply ONLY when accessing the file through THAT particular share. File permissions 
apply not matter how that file is accessed. When accessing a file on a Windows share, share permissions apply first, 
then file permissions. Of course the usual deny the allow order also applies. Share permissions are not very robust or 
granular, and in general don't provide that much security. DO NOT use share permissions to restrict access to files. 
These permissions only apply to that file when accessed through that particular share. If you create two shares that 
can access the same file, with different permissions on each, then you have two sets of permissions that apply to that 
file depending on the way it's accessed though the network. Use share permissions to grant users access to the share, 
use file permissions to grant/deny access to files.

If I'm not making any sense, check out this article http://www.windowsecurity.com/articles/Share-Permissions.html.


Dave

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Al Cooper
Sent: Tuesday, December 11, 2007 11:06
To: security-basics () securityfocus com
Subject: Windows Sharing File Permissions


Hi All,

In Windows, there are two places to set shared folder permissions in the
Folder Property Box, on the Security Tab and on the Sharing Tab under
permissions.  What is the difference between these two? Which one has
priority?  Why are there two?

I know this seems like a very basic question but I cannot find good
documentation on this.

Thanks for your help,


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean. 
 
The information contained in this communication is confidential and privileged information intended only for the use of 
the individual or entity to which it is addressed. If you are not the addressee indicated in this message (or an agent 
responsible for delivery of the message to such person), you are hereby notified that you have received this 
communication in error and that any review, dissemination, copying, or any action or omission taken by you in reliance 
on it, is strictly prohibited. Please destroy this message and notify the sender immediately if you have received it in 
error.
Please also advise immediately if you or your employer do not consent to e-mail communications. Opinions, conclusions 
and other information in this message that do not relate to the official business of Yardville National Bank shall be 
understood as neither given nor endorsed by it.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]