none
Best practise to "share" a folder

    Question

  • Dear experts,

    I would like some recommendation regarding to "share" a folder to a some users.

    In my scenario I have the following folder structure:

           C:\Organization (shared)\Technician Folder

           C:\Organization (shared)\Branch_Info Folder

    And my question is: If I want to link the Technician Folder to some users, what is the best practise? Share the folder (Technician Folder) and through GPO launch the shorcout (\\SERVER\Technician) or... without sharing the folder, put the route like \\SERVER\Organization\Technician Folder\

    Which are the benefits/problems with these both ways.

    Any suggestion?

    Best Regards,


    Tecnico Superior de Sistemas



    • Edited by Sistems_MCSE Wednesday, February 12, 2014 11:46 AM
    Wednesday, February 12, 2014 11:44 AM

Answers

  • What Mandy stated is best practice and recommended.

    If you get stuck in the situation where you cannot (or don't want to) share the individual folders out, you can give everyone permissions to the top share  C:\Organization and then break inheritance for the sub-folders. Once this is done, remove 'all users' from the permissions on the sub-folders and add appropriate security groups to give permission to the users that need it. To add another layer you can turn on ABE so that users can only see folders they have permission to. This is a little more complex and requires some more manual work.

    Sharing the sub-folders out directly is recommended but just be careful on what permissions they are inheriting from C:\Organization...

    • Marked as answer by Sistems_MCSE Thursday, February 13, 2014 3:34 PM
    Thursday, February 13, 2014 3:25 PM
  • Hi, 

    Shared folder permissions apply to folders, not individual files. Since you can apply shared folder permissions only to the entire shared folder, and not to individual files or subfolders in the shared folder, shared folder permissions provide less detailed security than NTFS permissions.

    The Share Permissions are evaluated on the share you use to enter the file system. There is no inheritance with shares. The Share Permissions assigned on the share you used to enter the file system are the permissions you have in that branch of the directory tree, even if there is another share lower in the tree with different permissions.

    When you set the share permissions on a folder, its subfolders are not shared folder. I would suggest you directly share the Technician Folder, because if there is a NTFS permission on Organization folder prevent user from access the Technician Folder, we could not access the Technician Folder using \\SERVER\Organization\Technician Folder\ path. But if the Technician Folder is shared, we could directly access the Technician Folder using \\SERVER\Technician Folder\.

    Regards, 

    Mandy

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

    • Marked as answer by Sistems_MCSE Thursday, February 13, 2014 3:34 PM
    Thursday, February 13, 2014 8:22 AM

All replies

  • Hi, 

    Shared folder permissions apply to folders, not individual files. Since you can apply shared folder permissions only to the entire shared folder, and not to individual files or subfolders in the shared folder, shared folder permissions provide less detailed security than NTFS permissions.

    The Share Permissions are evaluated on the share you use to enter the file system. There is no inheritance with shares. The Share Permissions assigned on the share you used to enter the file system are the permissions you have in that branch of the directory tree, even if there is another share lower in the tree with different permissions.

    When you set the share permissions on a folder, its subfolders are not shared folder. I would suggest you directly share the Technician Folder, because if there is a NTFS permission on Organization folder prevent user from access the Technician Folder, we could not access the Technician Folder using \\SERVER\Organization\Technician Folder\ path. But if the Technician Folder is shared, we could directly access the Technician Folder using \\SERVER\Technician Folder\.

    Regards, 

    Mandy

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

    • Marked as answer by Sistems_MCSE Thursday, February 13, 2014 3:34 PM
    Thursday, February 13, 2014 8:22 AM
  • What Mandy stated is best practice and recommended.

    If you get stuck in the situation where you cannot (or don't want to) share the individual folders out, you can give everyone permissions to the top share  C:\Organization and then break inheritance for the sub-folders. Once this is done, remove 'all users' from the permissions on the sub-folders and add appropriate security groups to give permission to the users that need it. To add another layer you can turn on ABE so that users can only see folders they have permission to. This is a little more complex and requires some more manual work.

    Sharing the sub-folders out directly is recommended but just be careful on what permissions they are inheriting from C:\Organization...

    • Marked as answer by Sistems_MCSE Thursday, February 13, 2014 3:34 PM
    Thursday, February 13, 2014 3:25 PM
  • Dear Mandy Ye / atom_acres,

    thanks for your fast reply, you have helped me in my doubts about the structure permissions.

    Thanks!

    Best regards,


    Tecnico Superior de Sistemas

    Thursday, February 13, 2014 3:34 PM