Tech Tips / Windows NT / Users and Groups
Even in a tightly administered environment, you may still want to enable shared folder or file permissions for some networked resources. In such an environment, remember that NTFS permissions work cumulatively - that is, the most restrictive permission applied to a resource is enforced. However, it's important to remember that shared folder permissions apply to networked resources only, so you can't rely solely on them to protect resources on systems with open user access.
Let's suppose you use the NTFS Security tab to assign a user Full Control to a resource but then use the Sharing tab to assign the same user Read permission to that resource. If the user tries to access the resource across the network, she or he will only have Read access, since that access level is most restrictive in use. However, if the same user tries to access the resource on the system where it resides, only the NTFS permission of Full Control will be in force, leaving the door open to unwanted user access.
If you're an experienced IT professional and would like to share your expertise with other Setup32.com readers, why not submit a new tip to our Tech Tips area?
Certification Links