Can somebody please explain rights in security and sharing?

[Rockitman]

I have a 2003 Server. I have a D: drive. I can right click this drive and
click security and set file permissions here. Full Control, Modify, Read
Execute, List, Read, and Write.
I have also created a share on this D: drive. The share is for the whole d:
drive. In the share's permissions, there is only Full Control, Change, and
Read.

I have remote user who needed to create directorys and what not, so I gave
him full control in the security permissions for the D: drive. He said it
didn't work and he wasn't able to do anything. I then went to the share's
permissions and gave him full control and he's fine now.

I am so confused now about the two sets of permission levels. Can somebody
please explain how this all works?

 

[Special Access]

On Mon, 4 Aug 2008 15:53:02 -0700, Rockitman
<Rockitman@discussions.microsoft.com> wrote:

>I have a 2003 Server. I have a D: drive. I can right click this drive and
>click security and set file permissions here. Full Control, Modify, Read
>Execute, List, Read, and Write.
>I have also created a share on this D: drive. The share is for the whole d:
>drive. In the share's permissions, there is only Full Control, Change, and
>Read.
>
>I have remote user who needed to create directorys and what not, so I gave
>him full control in the security permissions for the D: drive. He said it
>didn't work and he wasn't able to do anything. I then went to the share's
>permissions and gave him full control and he's fine now.
>
>I am so confused now about the two sets of permission levels. Can somebody
>please explain how this all works?

The simplest explanation is:
Security: the person is logged on locally to the box
Share: the person is gaining access through the network from another
computer.

it's more in depth than that, but that is the basics.

 

[Roger Abell [MVP]]

The NTFS (filesystem) permissions control what is allowed to whom at
the directory/file level (when filesystem access happens)
The share permissions control what is allowed to whom at the network
redirection level (when the network access happens)
If the share perms say so-and-so may only read (via the network) but the
filesystem perms say they can modify things then when logged only locally
they can use their full filesystem grant (i.e. network is not involved) but
if
they are accessing over the network they may not use more of the modify
filesystem grant then read (i.e for remote access share permissions restrict
maximum that can be used).

It is not normal to grant Full to non-admin users in larger environments.

Roger

"Rockitman" <Rockitman@discussions.microsoft.com> wrote in message
news:14B320DD-1B31-495E-9823-87FE8090641F@microsoft.com...
>I have a 2003 Server. I have a D: drive. I can right click this drive
>and
> click security and set file permissions here. Full Control, Modify, Read
> Execute, List, Read, and Write.
> I have also created a share on this D: drive. The share is for the whole
> d:
> drive. In the share's permissions, there is only Full Control, Change,
> and
> Read.
>
> I have remote user who needed to create directorys and what not, so I
> gave
> him full control in the security permissions for the D: drive. He said
> it
> didn't work and he wasn't able to do anything. I then went to the
> share's
> permissions and gave him full control and he's fine now.
>
> I am so confused now about the two sets of permission levels. Can
> somebody
> please explain how this all works?