To remove a name from the Group Or User Names list, select it and click Remove. To add a name to the list, click Add to open the Select Users Or Groups dialog box, where you can enter the names of the users and groups you want to add .

How Shared Resource Permissions and NTFS Permissions Work Together

The implementation of shared resource permissions and NTFS permissions is confusingly similar, but it's important to recognize that these are two separate levels of access control . Only connections that successfully pass through both gates are granted access.

Shared resource permissions control network access to a particular resource. Shared resource permissions do not affect users who log on locally. You set shared resource permissions in the Advanced Sharing dialog box, which you access from the Sharing tab of a folder's properties dialog box .

NTFS permissions (also known as discretionary access control lists, DACLs) apply to folders and files on an NTFS-formatted drive. For each user to whom you want to grant access, you can specify exactly what that user is allowed to do: run programs, view folder contents, create new files, change existing files, and so on. You set NTFS permissions on the Security tab of the properties dialog box for a folder or file.

It's important to recognize that the two types of permissions are combined in the most restrictive way. If, for example, a user is granted Read permission on the network share, even if the account has Full Control NTFS permissions on the same folder, the user gets only read access when connecting over the network. In effect, the two sets of permissions act in tandem as "gatekeepers" that winnow out incoming network connections . An account that attempts to connect over the network is examined first by the shared resource permissions gatekeeper. The account is either bounced out on its caboodle or allowed to enter with certain permissions . It's then confronted by the NTFS permissions gatekeeper, which might strip away (but not add to) some or all of the permissions granted at the first doorway.

In determining the effective permission for a particular account, you must also consider the effect of group membership . Permissions are cumulative; an account that is a member of one or more groups is granted all the permissions granted explicitly to the account as well as all permissions granted to each group of which it's a member. The only exception to this rule is Deny permissions, which take precedence over any conflicting Allow permissions .


Was this article helpful?

0 0
Digital Cancers

Digital Cancers

Get All The Support And Guidance You Need To Be A Success At Protecting Your PC. This Book Is One Of The Most Valuable Resources In The World When It Comes To The Damaging Facts About Computer Viruses.

Get My Free Ebook

Post a comment