mailing list archives
RE: Windows Sharing File Permissions
From: "Scalcione.David" <SCALCIONED () YANB com>
Date: Tue, 11 Dec 2007 12:15:09 -0500
The permissions in the share permissions tab apply to the share. The permissions in the security tab are file/directory
permissions. The share permissions apply ONLY when accessing the file through THAT particular share. File permissions
apply not matter how that file is accessed. When accessing a file on a Windows share, share permissions apply first,
then file permissions. Of course the usual deny the allow order also applies. Share permissions are not very robust or
granular, and in general don't provide that much security. DO NOT use share permissions to restrict access to files.
These permissions only apply to that file when accessed through that particular share. If you create two shares that
can access the same file, with different permissions on each, then you have two sets of permissions that apply to that
file depending on the way it's accessed though the network. Use share permissions to grant users access to the share,
use file permissions to grant/deny access to files.
If I'm not making any sense, check out this article http://www.windowsecurity.com/articles/Share-Permissions.html.
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Al Cooper
Sent: Tuesday, December 11, 2007 11:06
To: security-basics () securityfocus com
Subject: Windows Sharing File Permissions
In Windows, there are two places to set shared folder permissions in the
Folder Property Box, on the Security Tab and on the Sharing Tab under
permissions. What is the difference between these two? Which one has
priority? Why are there two?
I know this seems like a very basic question but I cannot find good
documentation on this.
Thanks for your help,
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
The information contained in this communication is confidential and privileged information intended only for the use of
the individual or entity to which it is addressed. If you are not the addressee indicated in this message (or an agent
responsible for delivery of the message to such person), you are hereby notified that you have received this
communication in error and that any review, dissemination, copying, or any action or omission taken by you in reliance
on it, is strictly prohibited. Please destroy this message and notify the sender immediately if you have received it in
Please also advise immediately if you or your employer do not consent to e-mail communications. Opinions, conclusions
and other information in this message that do not relate to the official business of Yardville National Bank shall be
understood as neither given nor endorsed by it.
- RE: Windows Sharing File Permissions, (continued)