none
Network share - use share permission only -> no NTFS permissions? RRS feed

  • Question

  • Hey everyone,

    I have a question:

    When I create a network share is it possible to only use share permissions? It seems to me that there always have to be NTFS permissions so that the share permissions even count. 

    Example: I just created a network share with the share permission "Everyone - Full Control" but didnt give the user-Group any permission in NTFS permissions. 

    Then I tried to access this network share with my user account and it didnt work; when I gave the user group an NTFS-permission; the share permissions suddenly applied.

    So as a conclusion: Share permissions can never be alone; there always have to be NTFS-permissions in addition. 

    Is that correct?

    Thanks a lot!


    Monday, June 8, 2020 5:28 PM

All replies

  • Yes.

    Full Control Share + Read NTFS = READ

    Full Control Share + No NTFS = Access Denied

    Read Share Access + Full Control NTFS = READ *If accessed through share. Local login session would permit access to the folder through file explorer.


    Seth

    A user just like you

    Monday, June 8, 2020 7:09 PM

  • When I create a network share is it possible to only use share permissions? 



    No, it is not. The share permissions act as a filter to the file (aka NTFS) permissions.

    If you format the volume as NTFS, you have to grant some account read or read+write access. There is no point in having a volume with no permissions set, no one could access it.

    Lets say that you have an E:\ drive and the permissions are set to "everyone full control". Then you share out the E:\ drive as "Data" with the share permissions set to "everyone read".  Any user who can RDP to the server, or any application running on the server, can do anything they want to with the E:\ drive. They are accessing it locally and not going through the share and they have full control.

    But any user, including administrators, who access the files via the share, \\servername\Data, only have read access. It doesn't matter that the NTFS permissions have "everyone full control", since the files are being accessed through the share, the share permissions are restricting access to read only. 

    That's the same answer that Seth provided, just a little more verbose to try to explain how it works. 

      
    Tuesday, June 9, 2020 12:22 AM
  • Hi,
    I agree with the previous replies. If you want to know more detailed information about NTFS permissions and share permissions, you can refer to the link below:

    NTFS Permissions vs Share: Everything You Need to Know

    (Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)

    Best regards,

    Phoebe Wu



    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Tuesday, June 9, 2020 2:40 AM