\nI’ve also read in another SW thread that the root of our file share should be shared using particular groups (Everyone, or Authenticated Users), but we are not using that group…<\/p>\n<\/blockquote>\n<\/aside>\n
The lack of having any permissions for the Everyone group could be your problem. At a minimum, the everyone group needs to have Read permissions for the share or strange things will happen. As dbeato mentioned, using Domain Users and Domain Admins is fine but Everyone still needs to at least have Read permissions because there are accounts that are not covered under these two groups that may need read access to the share, like System, TrustedInstaller, etc.<\/p>\n
Microsoft recommends giving Everyone full control at the share level and using the NTFS permissions to control/restrict access. I myself prefer to use: Everyone = Read, Authenticated Users = Change & Read, Domain Admins & Administrators = Full Control for the share level permissions.<\/p>","upvoteCount":0,"datePublished":"2018-05-05T11:02:27.000Z","url":"https://community.spiceworks.com/t/ntfs-file-permission-issues/649889/4","author":{"@type":"Person","name":"markstorkamp3662","url":"https://community.spiceworks.com/u/markstorkamp3662"}},"suggestedAnswer":[{"@type":"Answer","text":"
Howdy All!<\/p>\n
I’m having a head scratching issue with our file server permissions. Our folders have a mix of Groups and Users applied to the folders, and where a user has access to a top folder, he doesn’t have access to a sub folder even though he has permissions applied to it. The folder in question is not inheriting permissions either.<\/p>\n
I’ve also read in another SW thread that the root of our file share should be shared using particular groups (Everyone, or Authenticated Users), but we are not using that group; we have Domain Users and Domain Admins with Change and Read, and Administrators with Full Control. Can someone explain what risks I face in making a change to the Sharing permissions? I have a group called Shared-Disk which has every active user account, should I add that Group to the Shared permissions instead?<\/p>","upvoteCount":2,"datePublished":"2018-05-04T15:25:50.000Z","url":"https://community.spiceworks.com/t/ntfs-file-permission-issues/649889/1","author":{"@type":"Person","name":"philipthomas","url":"https://community.spiceworks.com/u/philipthomas"}},{"@type":"Answer","text":"\n\n
<\/div>\n
Philip Thomas:<\/div>\n
\nHowdy All!<\/p>\n
I’m having a head scratching issue with our file server permissions. Our folders have a mix of Groups and Users applied to the folders, and where a user has access to a top folder, he doesn’t have access to a sub folder even though he has permissions applied to it. The folder in question is not inheriting permissions either.<\/p>\n
I’ve also read in another SW thread that the root of our file share should be shared using particular groups (Everyone, or Authenticated Users), but we are not using that group; we have Domain Users and Domain Admins with Change and Read, and Administrators with Full Control. Can someone explain what risks I face in making a change to the Sharing permissions? I have a group called Shared-Disk which has every active user account, should I add that Group to the Shared permissions instead?<\/p>\n<\/blockquote>\n<\/aside>\n
Domain Users and Domain Admin is fine for sharing folders. Sharing permissions assumes that you have the correct NTFS permissions as well, so the shares should have permissions that reflect the NTFS permissions.<\/p>","upvoteCount":2,"datePublished":"2018-05-04T16:16:55.000Z","url":"https://community.spiceworks.com/t/ntfs-file-permission-issues/649889/2","author":{"@type":"Person","name":"dbeato","url":"https://community.spiceworks.com/u/dbeato"}},{"@type":"Answer","text":"
share will act as gatekeeper and NTFS is host, so both permissions are necessary to allow to enter.<\/p>\n
Best practise is to give domain users full access on share and read,write or whatever NTFS permissions on NTFS to the group.<\/p>","upvoteCount":1,"datePublished":"2018-05-05T01:12:18.000Z","url":"https://community.spiceworks.com/t/ntfs-file-permission-issues/649889/3","author":{"@type":"Person","name":"jitensh","url":"https://community.spiceworks.com/u/jitensh"}}]}}
Howdy All!
I’m having a head scratching issue with our file server permissions. Our folders have a mix of Groups and Users applied to the folders, and where a user has access to a top folder, he doesn’t have access to a sub folder even though he has permissions applied to it. The folder in question is not inheriting permissions either.
I’ve also read in another SW thread that the root of our file share should be shared using particular groups (Everyone, or Authenticated Users), but we are not using that group; we have Domain Users and Domain Admins with Change and Read, and Administrators with Full Control. Can someone explain what risks I face in making a change to the Sharing permissions? I have a group called Shared-Disk which has every active user account, should I add that Group to the Shared permissions instead?
2 Spice ups
dbeato
May 4, 2018, 4:16pm
2
Philip Thomas:
Howdy All!
I’m having a head scratching issue with our file server permissions. Our folders have a mix of Groups and Users applied to the folders, and where a user has access to a top folder, he doesn’t have access to a sub folder even though he has permissions applied to it. The folder in question is not inheriting permissions either.
I’ve also read in another SW thread that the root of our file share should be shared using particular groups (Everyone, or Authenticated Users), but we are not using that group; we have Domain Users and Domain Admins with Change and Read, and Administrators with Full Control. Can someone explain what risks I face in making a change to the Sharing permissions? I have a group called Shared-Disk which has every active user account, should I add that Group to the Shared permissions instead?
Domain Users and Domain Admin is fine for sharing folders. Sharing permissions assumes that you have the correct NTFS permissions as well, so the shares should have permissions that reflect the NTFS permissions.
2 Spice ups
jitensh
May 5, 2018, 1:12am
3
share will act as gatekeeper and NTFS is host, so both permissions are necessary to allow to enter.
Best practise is to give domain users full access on share and read,write or whatever NTFS permissions on NTFS to the group.
1 Spice up
The lack of having any permissions for the Everyone group could be your problem. At a minimum, the everyone group needs to have Read permissions for the share or strange things will happen. As dbeato mentioned, using Domain Users and Domain Admins is fine but Everyone still needs to at least have Read permissions because there are accounts that are not covered under these two groups that may need read access to the share, like System, TrustedInstaller, etc.
Microsoft recommends giving Everyone full control at the share level and using the NTFS permissions to control/restrict access. I myself prefer to use: Everyone = Read, Authenticated Users = Change & Read, Domain Admins & Administrators = Full Control for the share level permissions.
