YMan said:
Hi,
Would anyone kindly tell me the difference in setting the
following when sharing a folder on the network :
In the properties of a folder :
- Permission under the "Sharing" tab
- Security
I am a bit confused on what should be set in order to control
who has access to this folder.
Sorry if this sounds a bit basic and naive.
A share just makes a folder available on the network. If you
only have one machine, you don't need shares. They don't
make sense.
If you have more than one machine, you can create a share
('myshare') on machine A that can be accessed on machine B
as \\A\myshare. The share permissions basically say that the
person on machine B can connect to the share for reading, or
connect for reading and writing, or connect with full
control. Basically they can *potentially* connect to the
share with those rights.
However, at a file or directory level the security
permissions define access. A person on machine A has his
rights to folders and files on machine A itself defined by
security permissions.
When a person on machine B connects to 'myshare' on machine
A his rights to connect and his gross privileges are
determined by the share permissions. His detail rights are
mainly determined by the security permissions.
If the person on machines B has say share read rights then
the *best* that he can have to a particular file is read and
the security permissions can restrict that further. If the
person on machine B has say Full Control rights on the share
he can *potentially* do anything, but his rights are usually
restricted further by the security permissions.
It is usual to give "Full Control" share permissions and
then to restrict access by security permissions. This means
that anyone whether on the machine itself or connecting via
a share has their permissions defined completely by the
security permissions. This is because it is simpler to
maintain, because all the permissions are defined in one
place for everyone.
Cheers,
Cliff
