What is the recommended best practice to simplify managing the combination of NTFS and share permissions?
I'm not sure there is an official best practice anymore. As with most permissions/security based questions it depends. Show Least privileges on the share, works if you only have a few permissions assign to the share and directories. However, if you have complex permissions structure on a large folder structure, then the management of the share permissions can become a significant overhead. So using everyone on share permissions simplifies the management, requiring changes to only to be made in one place. The other advantage of using the everyone permission on the share, is that directory traversal is easier to implement. The option to set the permissions on either the share or the files, or both, provides flexibility to deliver your use cases, based on your security, risk, trust, and management requirements. Gary. 10/22/2021 Contributors To enable file access to the users or groups who have access to a share, you must configure NTFS file permissions on files and directories in that share from a Windows client. Before you begin The administrator performing this task must have sufficient NTFS permissions to change permissions on the selected objects. About this task SMB management and your Windows documentation contain information about how to set standard and advanced NTFS permissions. Steps
What is the recommended best practice around configuring NTFS and share permissions?Configuring NTFS Permissions
Create a file server permissions policy that clearly defines your permissions management process. Use Active Directory groups everywhere. Don't assign NTFS permissions to individuals, even if you have to create hundreds of groups.
What strategy can you use to combine and manage NTFS and share permissions?One strategy for providing access to resources on an NTFS volume is to share folders with the default shared folder permissions and then control access to shared folders by assigning NTFS permissions.
What is recommended best practices for setting permissions for users?NTFS Permissions Best Practices. Create a Clear Policy. To establish a standardized process for granting access, naming groups, adding new directories etc., it helps to put everything in writing. ... . Always Use Groups. Always use permission groups to set NTFS permissions. ... . Keep Root Clear. ... . Avoid Hidden Permissions.. What is the rule when combining NTFS and share permissions?If you use share permissions and NTFS permissions together, the most restrictive permission will take precedence over the other. For example, if NTFS share permissions are set to Full Control, but share permissions are set to “Read,” the user will only be able to read the file or look at the items in the folder.
|