Microsoft Small Business Server 2003 Unleashed
Shares give domain users access to areas of the server disk across the network. SBS system administrators are familiar with a number of these shares, including the Users Shared Folders share. These network shares have their own security permissions that determine whether and how a user account will access the share. Table 9.5 describes the different share permissions available.
These share permissions work in conjunction with the NTFS permissions that have been assigned to the file path on the server. This is possibly the single most confusing aspect of Windows system administration for new and experienced admins alike. When dealing with share and NTFS permissions in combination, the more restrictive permission is the one that wins out. Table 9.6 shows the effective permissions for various combinations of share and NTFS permissions.
Share permissions are accessed in the Sharing tab of a folder's Properties dialog box by clicking on the Permissions button. This brings up the Share Permissions dialog, shown in Figure 9.7, which shows the default share permissions for the Users Shared Folders folder. Figure 9.7. Share Permissions for the Users share.
Of the three groups listed in the dialog box, two should be familiar to most Windows administratorsDomain Admins and Domain Users. By default, the Domain Users group is given Full Control permission for the share because the user needs Full Control access to her folder inside the Users share. The Domain Admins group is also given Full Control over the share so that the administrators can manage access to resources through the share and not just from the server console. The third group may not be as familiarthe Folder Operators group, which is also given Full Control permissions by default. This group is created by the SBS installation, and members of the group are able to manage shared folders on the server and in Active Directory. This group contains the Domain Power Users group by default, so any account created as a Power User will be able to manage shared folders on the SBS network. Like the NTFS permissions dialog, the individual permissions can be set to Allow or Deny. Just like with NTFS permissions, the Deny permission overrides the Allow permission, so care must be taken when setting the Deny permission on a shared folder.
|
Категории