Tech Tips / Windows NT / Users and Groups

Use NTFS permissions to guard open systems

Even in a tightly administered environment, you may still want to enable shared folder or file permissions for some networked resources. In such an environment, remember that NTFS permissions work cumulatively - that is, the most restrictive permission applied to a resource is enforced. However, it's important to remember that shared folder permissions apply to networked resources only, so you can't rely solely on them to protect resources on systems with open user access.

Let's suppose you use the NTFS Security tab to assign a user Full Control to a resource but then use the Sharing tab to assign the same user Read permission to that resource. If the user tries to access the resource across the network, she or he will only have Read access, since that access level is most restrictive in use. However, if the same user tries to access the resource on the system where it resides, only the NTFS permission of Full Control will be in force, leaving the door open to unwanted user access.

Contact Us | Authors | Subject Index | RSS Feeds

Copyright ©2007