mercredi 30 janvier 2008
Assigning Permissions to a Shared Folder
In Windows 2000 and Windows XP, the default shared resource permission associated with a new share is Full Control to Everyone. That means that anyone on your network can do whatever they want to files stored in that location, including deleting or changing them. (If the shared folder resides on an NTFS volume, individual subfolders and files can have their own access restrictions, however.) If you use classic sharing, you can place limits on what particular users or groups of users can do with your shared files by clicking the Permissions button on the Sharing tab. This action displays the Permissions dialog box
To set share permissions, right-click the shared folder in Windows Explorer and open its properties dialog box. Then click Permissions on the Sharing tab.
Follow these steps to view or set permissions:
In the list of names at the top of the Permissions dialog box, select the name of the user or the group you want to manage. The shared resource permissions for the selected user or group appear at the bottom of the dialog box.
Select Allow, Deny, or neither for each access control entry:
Full Control. Controls whether users can create, read, write, rename, and delete files in the folder and its subfolders. If Allow is selected, users can change permissions on and take ownership of files on NTFS volumes. Selecting this option automatically selects the corresponding check boxes for the Change and Read permissions.
Change. Allows or denies permission to read, write, rename, and delete files in the folder and its subfolders, but not to create new files.
Read. Allows or denies permission to read files but not write to, rename, or delete them.
If you select neither Allow nor Deny, the user or group is implicitly denied permission to the resource. However, any user or group can still inherit the permission through membership in another group that has the permission.
To remove a name from the Group Or User Names list, select it and click Remove. To add a name to the list, click Add to open the Select Users Or Groups dialog box, where you can enter the names of the users and groups you want to add. For more information about this dialog box, see Using NTFS Permissions for Access Control.
TIP
--------------------------------------------------------------------------------
Disable Guest access to shared folders
Setting up a share grants permission to the built-in Everyone group by default. In Windows XP, the Guest account is included in Everyone, and because Windows authenticates network users who don't have an account on the local computer as Guest, anyone on your network has access to a share. If you want to exclude anyone who does not have a user account on your computer, in the Permissions dialog box, select Everyone and click Remove. Then click Add, type Authenticated Users, and click OK. (The built-in Authenticated Users group does not include the Guest account.) Select Authenticated Users in the Group Or User Names box, and then select the Allow check box for Full Control.
CAUTION
--------------------------------------------------------------------------------
In Windows XP, files and folders that are created in a shared folder on an NTFS drive while Simple File Sharing is enabled are owned by the local Guest account. Ownership of files doesn't change when you disable or enable Simple File Sharing. Be aware that, even if you change to classic sharing and impose tighter security on your shared folders, users who log on as Guest (locally or remotely) continue to have full control over files that were created by any remote user while Simple File Sharing was enabled (assuming they still have access to the shared folder). To remedy this situation, take ownership of the folder and its contents, and remove Everyone from the ACLs of the folder and its contents.
In Windows 2000 and Windows XP, the default shared resource permission associated with a new share is Full Control to Everyone. That means that anyone on your network can do whatever they want to files stored in that location, including deleting or changing them. (If the shared folder resides on an NTFS volume, individual subfolders and files can have their own access restrictions, however.) If you use classic sharing, you can place limits on what particular users or groups of users can do with your shared files by clicking the Permissions button on the Sharing tab. This action displays the Permissions dialog box
To set share permissions, right-click the shared folder in Windows Explorer and open its properties dialog box. Then click Permissions on the Sharing tab.
Follow these steps to view or set permissions:
In the list of names at the top of the Permissions dialog box, select the name of the user or the group you want to manage. The shared resource permissions for the selected user or group appear at the bottom of the dialog box.
Select Allow, Deny, or neither for each access control entry:
Full Control. Controls whether users can create, read, write, rename, and delete files in the folder and its subfolders. If Allow is selected, users can change permissions on and take ownership of files on NTFS volumes. Selecting this option automatically selects the corresponding check boxes for the Change and Read permissions.
Change. Allows or denies permission to read, write, rename, and delete files in the folder and its subfolders, but not to create new files.
Read. Allows or denies permission to read files but not write to, rename, or delete them.
If you select neither Allow nor Deny, the user or group is implicitly denied permission to the resource. However, any user or group can still inherit the permission through membership in another group that has the permission.
To remove a name from the Group Or User Names list, select it and click Remove. To add a name to the list, click Add to open the Select Users Or Groups dialog box, where you can enter the names of the users and groups you want to add. For more information about this dialog box, see Using NTFS Permissions for Access Control.
TIP
--------------------------------------------------------------------------------
Disable Guest access to shared folders
Setting up a share grants permission to the built-in Everyone group by default. In Windows XP, the Guest account is included in Everyone, and because Windows authenticates network users who don't have an account on the local computer as Guest, anyone on your network has access to a share. If you want to exclude anyone who does not have a user account on your computer, in the Permissions dialog box, select Everyone and click Remove. Then click Add, type Authenticated Users, and click OK. (The built-in Authenticated Users group does not include the Guest account.) Select Authenticated Users in the Group Or User Names box, and then select the Allow check box for Full Control.
CAUTION
--------------------------------------------------------------------------------
In Windows XP, files and folders that are created in a shared folder on an NTFS drive while Simple File Sharing is enabled are owned by the local Guest account. Ownership of files doesn't change when you disable or enable Simple File Sharing. Be aware that, even if you change to classic sharing and impose tighter security on your shared folders, users who log on as Guest (locally or remotely) continue to have full control over files that were created by any remote user while Simple File Sharing was enabled (assuming they still have access to the shared folder). To remedy this situation, take ownership of the folder and its contents, and remove Everyone from the ACLs of the folder and its contents.
Libellés : Assigning, Folder, Permissions, Shared
0 Comments:
Funny Blogs
Blogger Roll
Free Software
