locked
Windows 2008/2012 Sharing Permission RRS feed

  • Question

  • Dear All;

    I have the following scenario.

    we have file server , this server has a hardware problem. we tried to solve the problem unfortuantly we couldn't .

    we restored the operating system and drives content from backup

    we supprised that sharing permissison were removed, but Security permission still available

    I need a script which copy the security permission for each folder and assign it as sharing permission on the same folder.

    any one could help

    appreciate your assistance

    Sunday, February 8, 2015 5:26 PM

Answers

  • Can't be done.  You need to do a little studying to learn how shares work. ON a server will set shares to Everyone(FullControl) and let the permissions on the file system manage access. Incremental share permissions are fo use only in Workgroups and not in a domain.

    The default setting for a share is read-only. All you need to do is change that.

    Grant-SmbShareAccess -Name someshare -AccountName domain\Everyone -AccessRight Full


    ¯\_(ツ)_/¯



    • Edited by jrv Sunday, February 8, 2015 6:12 PM
    • Marked as answer by Ali9999 Sunday, February 8, 2015 6:30 PM
    Sunday, February 8, 2015 6:11 PM
  • You can also use:

    NET SHARE /?

    follow the instructions.


    ¯\_(ツ)_/¯

    • Marked as answer by Ali9999 Sunday, February 8, 2015 6:31 PM
    Sunday, February 8, 2015 6:15 PM
  • We really need to pay attention to the NTFS permissions at all times.  The share is only a convenience.  The idea of share permissions is a hangover from W98 and earlier (pre-NTFS) because FAT systems had no security.  They can still be useful for some cases where we might use FTA such as moving a USB drive between a Mac and Windows.

    The default "read only" was changed at Vista to act as a warning to check or know about NTFS permissions.  The "Best Practices" is to manage NTFS permissions aggressively.

    You can use incremental permissions on share for some scenarios but I recommend having a good reason first.

    This is a good time to evaluate your NTFS security scheme.


    ¯\_(ツ)_/¯

    • Marked as answer by Ali9999 Sunday, February 8, 2015 7:02 PM
    Sunday, February 8, 2015 6:59 PM

All replies

  • Can't be done.  You need to do a little studying to learn how shares work. ON a server will set shares to Everyone(FullControl) and let the permissions on the file system manage access. Incremental share permissions are fo use only in Workgroups and not in a domain.

    The default setting for a share is read-only. All you need to do is change that.

    Grant-SmbShareAccess -Name someshare -AccountName domain\Everyone -AccessRight Full


    ¯\_(ツ)_/¯



    • Edited by jrv Sunday, February 8, 2015 6:12 PM
    • Marked as answer by Ali9999 Sunday, February 8, 2015 6:30 PM
    Sunday, February 8, 2015 6:11 PM
  • You can also use:

    NET SHARE /?

    follow the instructions.


    ¯\_(ツ)_/¯

    • Marked as answer by Ali9999 Sunday, February 8, 2015 6:31 PM
    Sunday, February 8, 2015 6:15 PM
  • Giving Everyone group Full Control permissions to share is confusing in some scenarios, if you do , then NTFS permissions should be evaluated for each folder to control access (in my scenario ,huge number of folders exist).  This could give other users capability to change permissions. 

    If I will rely on NTFS permissions to manage access to files and folders over the share, I believe that Change  share permission for Everyone group is better.

    am I right ?

    Sunday, February 8, 2015 6:42 PM
  • We really need to pay attention to the NTFS permissions at all times.  The share is only a convenience.  The idea of share permissions is a hangover from W98 and earlier (pre-NTFS) because FAT systems had no security.  They can still be useful for some cases where we might use FTA such as moving a USB drive between a Mac and Windows.

    The default "read only" was changed at Vista to act as a warning to check or know about NTFS permissions.  The "Best Practices" is to manage NTFS permissions aggressively.

    You can use incremental permissions on share for some scenarios but I recommend having a good reason first.

    This is a good time to evaluate your NTFS security scheme.


    ¯\_(ツ)_/¯

    • Marked as answer by Ali9999 Sunday, February 8, 2015 7:02 PM
    Sunday, February 8, 2015 6:59 PM
  • thanks for comprehensive reply
    Sunday, February 8, 2015 7:02 PM
  • thanks for comprehensive reply

    You are welcome.  Share permissions are on of my long time pet peeves.  I find that most admins don't think much about them and the underlying system.

    Note that for distribution only custom update share the default of "read only" is good and correct.


    ¯\_(ツ)_/¯

    Sunday, February 8, 2015 7:05 PM