Windows 2003 Directory Permissions - What gives?

  • Thread starter Thread starter Andrew
  • Start date Start date
A

Andrew

I shared a directory with one of our Windows 2003 servers and gave a user
Full Control accesss to that directory. However, from his computer where he
is logged on, he can't copy and paste anything to that directory. If he
remote desktop's into the server and logs on as himself, he can browse to
another network share and pull the file over without any problems.

I never had this problem in Windows 2000. How do I configure a directory on
a Windows 2003 server so that people can "push" files to that folder without
logging onto the server locally and "pulling" the files over?
 
What are the share permissions? When you say you gave the user FULL control
do you mean FULL NTFS permissions?

"Andrew" <Andrew@discussions.microsoft.com> wrote in message
news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>I shared a directory with one of our Windows 2003 servers and gave a user
> Full Control accesss to that directory. However, from his computer where
> he
> is logged on, he can't copy and paste anything to that directory. If he
> remote desktop's into the server and logs on as himself, he can browse to
> another network share and pull the file over without any problems.
>
> I never had this problem in Windows 2000. How do I configure a directory
> on
> a Windows 2003 server so that people can "push" files to that folder
> without
> logging onto the server locally and "pulling" the files over?
 
hi,
check the share permissions, the diference from w2k is that in w2k the
everyone have full share permissions and on w2k3 everyone is read-only by
default.
--
Dragos CAMARA
MCSA Windows 2003 server


"Andrew" wrote:

> I shared a directory with one of our Windows 2003 servers and gave a user
> Full Control accesss to that directory. However, from his computer where he
> is logged on, he can't copy and paste anything to that directory. If he
> remote desktop's into the server and logs on as himself, he can browse to
> another network share and pull the file over without any problems.
>
> I never had this problem in Windows 2000. How do I configure a directory on
> a Windows 2003 server so that people can "push" files to that folder without
> logging onto the server locally and "pulling" the files over?
 
I gave the user Full Control NTFS AND Folder Share permissions.

Even if I'm logged on as Administrator, I still can't push anything down,
but I can pull files across without any issues.

I'm stumped.

"SBS Rocker" wrote:

> What are the share permissions? When you say you gave the user FULL control
> do you mean FULL NTFS permissions?
>
> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
> >I shared a directory with one of our Windows 2003 servers and gave a user
> > Full Control accesss to that directory. However, from his computer where
> > he
> > is logged on, he can't copy and paste anything to that directory. If he
> > remote desktop's into the server and logs on as himself, he can browse to
> > another network share and pull the file over without any problems.
> >
> > I never had this problem in Windows 2000. How do I configure a directory
> > on
> > a Windows 2003 server so that people can "push" files to that folder
> > without
> > logging onto the server locally and "pulling" the files over?
>
>
>
 
I think I may know what your problems are. You say..........

"I gave the user Full Control NTFS AND Folder Share permissions."
does the group Everyone=READ on the Share permissions still there ? If so
you need to remove the user=FULL and change Everyone=FULL on the share
permissions. No need to add a user to the share permissions and give him
FULL access. By industry best practices when creating a Share the default
would be Everyone=FULL.


"Andrew" <Andrew@discussions.microsoft.com> wrote in message
news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>I gave the user Full Control NTFS AND Folder Share permissions.
>
> Even if I'm logged on as Administrator, I still can't push anything down,
> but I can pull files across without any issues.
>
> I'm stumped.
>
> "SBS Rocker" wrote:
>
>> What are the share permissions? When you say you gave the user FULL
>> control
>> do you mean FULL NTFS permissions?
>>
>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>> >I shared a directory with one of our Windows 2003 servers and gave a
>> >user
>> > Full Control accesss to that directory. However, from his computer
>> > where
>> > he
>> > is logged on, he can't copy and paste anything to that directory. If
>> > he
>> > remote desktop's into the server and logs on as himself, he can browse
>> > to
>> > another network share and pull the file over without any problems.
>> >
>> > I never had this problem in Windows 2000. How do I configure a
>> > directory
>> > on
>> > a Windows 2003 server so that people can "push" files to that folder
>> > without
>> > logging onto the server locally and "pulling" the files over?
>>
>>
>>
 
hi,
i dont agree with the best practices to give everyone full permisions on the
share. Best practices is to check and add the groups proper there.

--
Dragos CAMARA
MCSA Windows 2003 server


"SBS Rocker" wrote:

> I think I may know what your problems are. You say..........
>
> "I gave the user Full Control NTFS AND Folder Share permissions."
> does the group Everyone=READ on the Share permissions still there ? If so
> you need to remove the user=FULL and change Everyone=FULL on the share
> permissions. No need to add a user to the share permissions and give him
> FULL access. By industry best practices when creating a Share the default
> would be Everyone=FULL.
>
>
> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
> >I gave the user Full Control NTFS AND Folder Share permissions.
> >
> > Even if I'm logged on as Administrator, I still can't push anything down,
> > but I can pull files across without any issues.
> >
> > I'm stumped.
> >
> > "SBS Rocker" wrote:
> >
> >> What are the share permissions? When you say you gave the user FULL
> >> control
> >> do you mean FULL NTFS permissions?
> >>
> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
> >> >I shared a directory with one of our Windows 2003 servers and gave a
> >> >user
> >> > Full Control accesss to that directory. However, from his computer
> >> > where
> >> > he
> >> > is logged on, he can't copy and paste anything to that directory. If
> >> > he
> >> > remote desktop's into the server and logs on as himself, he can browse
> >> > to
> >> > another network share and pull the file over without any problems.
> >> >
> >> > I never had this problem in Windows 2000. How do I configure a
> >> > directory
> >> > on
> >> > a Windows 2003 server so that people can "push" files to that folder
> >> > without
> >> > logging onto the server locally and "pulling" the files over?
> >>
> >>
> >>
>
>
>
 
OK then you keep trying to figure it out why you have issues. Good
luck.............

"Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
> hi,
> i dont agree with the best practices to give everyone full permisions on
> the
> share. Best practices is to check and add the groups proper there.
>
> --
> Dragos CAMARA
> MCSA Windows 2003 server
>
>
> "SBS Rocker" wrote:
>
>> I think I may know what your problems are. You say..........
>>
>> "I gave the user Full Control NTFS AND Folder Share permissions."
>> does the group Everyone=READ on the Share permissions still there ? If so
>> you need to remove the user=FULL and change Everyone=FULL on the share
>> permissions. No need to add a user to the share permissions and give him
>> FULL access. By industry best practices when creating a Share the default
>> would be Everyone=FULL.
>>
>>
>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>> >I gave the user Full Control NTFS AND Folder Share permissions.
>> >
>> > Even if I'm logged on as Administrator, I still can't push anything
>> > down,
>> > but I can pull files across without any issues.
>> >
>> > I'm stumped.
>> >
>> > "SBS Rocker" wrote:
>> >
>> >> What are the share permissions? When you say you gave the user FULL
>> >> control
>> >> do you mean FULL NTFS permissions?
>> >>
>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>> >> >I shared a directory with one of our Windows 2003 servers and gave a
>> >> >user
>> >> > Full Control accesss to that directory. However, from his computer
>> >> > where
>> >> > he
>> >> > is logged on, he can't copy and paste anything to that directory.
>> >> > If
>> >> > he
>> >> > remote desktop's into the server and logs on as himself, he can
>> >> > browse
>> >> > to
>> >> > another network share and pull the file over without any problems.
>> >> >
>> >> > I never had this problem in Windows 2000. How do I configure a
>> >> > directory
>> >> > on
>> >> > a Windows 2003 server so that people can "push" files to that folder
>> >> > without
>> >> > logging onto the server locally and "pulling" the files over?
>> >>
>> >>
>> >>
>>
>>
>>
 
A good article for those who don't understand how Shares work in conjunction
with NTFS permissions. Take note on the last paragraph.....

http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1093198,00.html?FromTaxonomy=%2Fpr%2F286434

"Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
> hi,
> i dont agree with the best practices to give everyone full permisions on
> the
> share. Best practices is to check and add the groups proper there.
>
> --
> Dragos CAMARA
> MCSA Windows 2003 server
>
>
> "SBS Rocker" wrote:
>
>> I think I may know what your problems are. You say..........
>>
>> "I gave the user Full Control NTFS AND Folder Share permissions."
>> does the group Everyone=READ on the Share permissions still there ? If so
>> you need to remove the user=FULL and change Everyone=FULL on the share
>> permissions. No need to add a user to the share permissions and give him
>> FULL access. By industry best practices when creating a Share the default
>> would be Everyone=FULL.
>>
>>
>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>> >I gave the user Full Control NTFS AND Folder Share permissions.
>> >
>> > Even if I'm logged on as Administrator, I still can't push anything
>> > down,
>> > but I can pull files across without any issues.
>> >
>> > I'm stumped.
>> >
>> > "SBS Rocker" wrote:
>> >
>> >> What are the share permissions? When you say you gave the user FULL
>> >> control
>> >> do you mean FULL NTFS permissions?
>> >>
>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>> >> >I shared a directory with one of our Windows 2003 servers and gave a
>> >> >user
>> >> > Full Control accesss to that directory. However, from his computer
>> >> > where
>> >> > he
>> >> > is logged on, he can't copy and paste anything to that directory.
>> >> > If
>> >> > he
>> >> > remote desktop's into the server and logs on as himself, he can
>> >> > browse
>> >> > to
>> >> > another network share and pull the file over without any problems.
>> >> >
>> >> > I never had this problem in Windows 2000. How do I configure a
>> >> > directory
>> >> > on
>> >> > a Windows 2003 server so that people can "push" files to that folder
>> >> > without
>> >> > logging onto the server locally and "pulling" the files over?
>> >>
>> >>
>> >>
>>
>>
>>
 
SBS Rocker,
I do agree with you because I consider myself a throwback from the old NT
days and that is the way I have always done it and consider to be the
industry best practices method. Also the link you provided Dragos confirms
the industry best practices. That said I do believe you may be a bit harsh
in explaining it to Dragos. This NG is here to assist and help those who
posts questions and issues and not to belittle and discourage others because
of their lack of knowledge or experience.

Dragos,
SBS Rocker is correct and the reason being is because how Share permissions
"superceed" NTFS permissions with the "most restrictive" access. In your
case I think you are trying to secure your folder access using the Share
permissions. If you do this you will find yourself doing more administrative
work than necessary. The reason you users cannot write to that folder even
though you gave them FULL "NTFS" permissions is because what resides in your
Share permissions. You can give Joe Bob FULL share permissions and FULL NTFS
permissions but that that is not going to work as long as their is a group
that includes Joe Bob in the Share permissions will lesser access. I'm
assuming the group EVERYONE=Read in still in your share permissions. That is
what is preventing Joe Bob from writng to that folder because share
permissions will alow the most restrictive access overriding his FULL share
permissions.
Take SBS Rockers advice. All you need at the Share level is Everyone or
Authenticated Users = FULL. control your security at the NTFS permssions.


"SBS Rocker" <noreply@NoDomain.com> wrote in message
news:eiFGQcVyHHA.276@TK2MSFTNGP06.phx.gbl...
>A good article for those who don't understand how Shares work in
>conjunction with NTFS permissions. Take note on the last paragraph.....
>
> http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1093198,00.html?FromTaxonomy=%2Fpr%2F286434
>
> "Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
> news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
>> hi,
>> i dont agree with the best practices to give everyone full permisions on
>> the
>> share. Best practices is to check and add the groups proper there.
>>
>> --
>> Dragos CAMARA
>> MCSA Windows 2003 server
>>
>>
>> "SBS Rocker" wrote:
>>
>>> I think I may know what your problems are. You say..........
>>>
>>> "I gave the user Full Control NTFS AND Folder Share permissions."
>>> does the group Everyone=READ on the Share permissions still there ? If
>>> so
>>> you need to remove the user=FULL and change Everyone=FULL on the share
>>> permissions. No need to add a user to the share permissions and give him
>>> FULL access. By industry best practices when creating a Share the
>>> default
>>> would be Everyone=FULL.
>>>
>>>
>>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>>> >I gave the user Full Control NTFS AND Folder Share permissions.
>>> >
>>> > Even if I'm logged on as Administrator, I still can't push anything
>>> > down,
>>> > but I can pull files across without any issues.
>>> >
>>> > I'm stumped.
>>> >
>>> > "SBS Rocker" wrote:
>>> >
>>> >> What are the share permissions? When you say you gave the user FULL
>>> >> control
>>> >> do you mean FULL NTFS permissions?
>>> >>
>>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>>> >> >I shared a directory with one of our Windows 2003 servers and gave a
>>> >> >user
>>> >> > Full Control accesss to that directory. However, from his computer
>>> >> > where
>>> >> > he
>>> >> > is logged on, he can't copy and paste anything to that directory.
>>> >> > If
>>> >> > he
>>> >> > remote desktop's into the server and logs on as himself, he can
>>> >> > browse
>>> >> > to
>>> >> > another network share and pull the file over without any problems.
>>> >> >
>>> >> > I never had this problem in Windows 2000. How do I configure a
>>> >> > directory
>>> >> > on
>>> >> > a Windows 2003 server so that people can "push" files to that
>>> >> > folder
>>> >> > without
>>> >> > logging onto the server locally and "pulling" the files over?
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>
>
>
 
Hi Paul,
You are correct maybe I was a bit too harsh on poor ole Andrew. However it
just aggrevates me to see a person who advertises himself as being an MCSA
and doesn't understand NFTS and Share permissions. I mean come on. that's
elementary. That was one of the first things we learned going back to NT 3.5
days and for him to doubt it being the industry best practices and being an
MCSA and to disagree with someone who is trying to help him isn't going to
get him anywhere. Perhaps he should of stated his disagreement and then
asked why I think it is the industry best practices and I would have
explained it to him.

"Paul in Detroit" wrote in message
news:uXnwJoVyHHA.5584@TK2MSFTNGP02.phx.gbl...
> SBS Rocker,
> I do agree with you because I consider myself a throwback from the old NT
> days and that is the way I have always done it and consider to be the
> industry best practices method. Also the link you provided Dragos confirms
> the industry best practices. That said I do believe you may be a bit harsh
> in explaining it to Dragos. This NG is here to assist and help those who
> posts questions and issues and not to belittle and discourage others
> because of their lack of knowledge or experience.
>
> Dragos,
> SBS Rocker is correct and the reason being is because how Share
> permissions "superceed" NTFS permissions with the "most restrictive"
> access. In your case I think you are trying to secure your folder access
> using the Share permissions. If you do this you will find yourself doing
> more administrative work than necessary. The reason you users cannot write
> to that folder even though you gave them FULL "NTFS" permissions is
> because what resides in your Share permissions. You can give Joe Bob FULL
> share permissions and FULL NTFS permissions but that that is not going to
> work as long as their is a group that includes Joe Bob in the Share
> permissions will lesser access. I'm assuming the group EVERYONE=Read in
> still in your share permissions. That is what is preventing Joe Bob from
> writng to that folder because share permissions will alow the most
> restrictive access overriding his FULL share permissions.
> Take SBS Rockers advice. All you need at the Share level is Everyone or
> Authenticated Users = FULL. control your security at the NTFS permssions.
>
>
> "SBS Rocker" <noreply@NoDomain.com> wrote in message
> news:eiFGQcVyHHA.276@TK2MSFTNGP06.phx.gbl...
>>A good article for those who don't understand how Shares work in
>>conjunction with NTFS permissions. Take note on the last paragraph.....
>>
>> http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1093198,00.html?FromTaxonomy=%2Fpr%2F286434
>>
>> "Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
>> news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
>>> hi,
>>> i dont agree with the best practices to give everyone full permisions on
>>> the
>>> share. Best practices is to check and add the groups proper there.
>>>
>>> --
>>> Dragos CAMARA
>>> MCSA Windows 2003 server
>>>
>>>
>>> "SBS Rocker" wrote:
>>>
>>>> I think I may know what your problems are. You say..........
>>>>
>>>> "I gave the user Full Control NTFS AND Folder Share permissions."
>>>> does the group Everyone=READ on the Share permissions still there ? If
>>>> so
>>>> you need to remove the user=FULL and change Everyone=FULL on the share
>>>> permissions. No need to add a user to the share permissions and give
>>>> him
>>>> FULL access. By industry best practices when creating a Share the
>>>> default
>>>> would be Everyone=FULL.
>>>>
>>>>
>>>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>>>> >I gave the user Full Control NTFS AND Folder Share permissions.
>>>> >
>>>> > Even if I'm logged on as Administrator, I still can't push anything
>>>> > down,
>>>> > but I can pull files across without any issues.
>>>> >
>>>> > I'm stumped.
>>>> >
>>>> > "SBS Rocker" wrote:
>>>> >
>>>> >> What are the share permissions? When you say you gave the user FULL
>>>> >> control
>>>> >> do you mean FULL NTFS permissions?
>>>> >>
>>>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>>>> >> >I shared a directory with one of our Windows 2003 servers and gave
>>>> >> >a
>>>> >> >user
>>>> >> > Full Control accesss to that directory. However, from his
>>>> >> > computer
>>>> >> > where
>>>> >> > he
>>>> >> > is logged on, he can't copy and paste anything to that directory.
>>>> >> > If
>>>> >> > he
>>>> >> > remote desktop's into the server and logs on as himself, he can
>>>> >> > browse
>>>> >> > to
>>>> >> > another network share and pull the file over without any problems.
>>>> >> >
>>>> >> > I never had this problem in Windows 2000. How do I configure a
>>>> >> > directory
>>>> >> > on
>>>> >> > a Windows 2003 server so that people can "push" files to that
>>>> >> > folder
>>>> >> > without
>>>> >> > logging onto the server locally and "pulling" the files over?
>>>> >>
>>>> >>
>>>> >>
>>>>
>>>>
>>>>
>>
>>
>
>
 
Last edited by a moderator:
I apologize. It was Dragos I was referring to and not Andrew.

"SBS Rocker" <noreply@NoDomain.com> wrote in message
news:OVajTtVyHHA.5380@TK2MSFTNGP04.phx.gbl...
> Hi Paul,
> You are correct maybe I was a bit too harsh on poor ole Andrew. However it
> just aggrevates me to see a person who advertises himself as being an MCSA
> and doesn't understand NFTS and Share permissions. I mean come on. that's
> elementary. That was one of the first things we learned going back to NT
> 3.5 days and for him to doubt it being the industry best practices and
> being an MCSA and to disagree with someone who is trying to help him isn't
> going to get him anywhere. Perhaps he should of stated his disagreement
> and then asked why I think it is the industry best practices and I would
> have explained it to him.
>
> "Paul in Detroit" wrote in message
> news:uXnwJoVyHHA.5584@TK2MSFTNGP02.phx.gbl...
>> SBS Rocker,
>> I do agree with you because I consider myself a throwback from the old NT
>> days and that is the way I have always done it and consider to be the
>> industry best practices method. Also the link you provided Dragos
>> confirms the industry best practices. That said I do believe you may be a
>> bit harsh in explaining it to Dragos. This NG is here to assist and help
>> those who posts questions and issues and not to belittle and discourage
>> others because of their lack of knowledge or experience.
>>
>> Dragos,
>> SBS Rocker is correct and the reason being is because how Share
>> permissions "superceed" NTFS permissions with the "most restrictive"
>> access. In your case I think you are trying to secure your folder access
>> using the Share permissions. If you do this you will find yourself doing
>> more administrative work than necessary. The reason you users cannot
>> write to that folder even though you gave them FULL "NTFS" permissions is
>> because what resides in your Share permissions. You can give Joe Bob FULL
>> share permissions and FULL NTFS permissions but that that is not going to
>> work as long as their is a group that includes Joe Bob in the Share
>> permissions will lesser access. I'm assuming the group EVERYONE=Read in
>> still in your share permissions. That is what is preventing Joe Bob from
>> writng to that folder because share permissions will alow the most
>> restrictive access overriding his FULL share permissions.
>> Take SBS Rockers advice. All you need at the Share level is Everyone or
>> Authenticated Users = FULL. control your security at the NTFS permssions.
>>
>>
>> "SBS Rocker" <noreply@NoDomain.com> wrote in message
>> news:eiFGQcVyHHA.276@TK2MSFTNGP06.phx.gbl...
>>>A good article for those who don't understand how Shares work in
>>>conjunction with NTFS permissions. Take note on the last paragraph.....
>>>
>>> http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1093198,00.html?FromTaxonomy=%2Fpr%2F286434
>>>
>>> "Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
>>> news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
>>>> hi,
>>>> i dont agree with the best practices to give everyone full permisions
>>>> on the
>>>> share. Best practices is to check and add the groups proper there.
>>>>
>>>> --
>>>> Dragos CAMARA
>>>> MCSA Windows 2003 server
>>>>
>>>>
>>>> "SBS Rocker" wrote:
>>>>
>>>>> I think I may know what your problems are. You say..........
>>>>>
>>>>> "I gave the user Full Control NTFS AND Folder Share permissions."
>>>>> does the group Everyone=READ on the Share permissions still there ? If
>>>>> so
>>>>> you need to remove the user=FULL and change Everyone=FULL on the share
>>>>> permissions. No need to add a user to the share permissions and give
>>>>> him
>>>>> FULL access. By industry best practices when creating a Share the
>>>>> default
>>>>> would be Everyone=FULL.
>>>>>
>>>>>
>>>>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>>>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>>>>> >I gave the user Full Control NTFS AND Folder Share permissions.
>>>>> >
>>>>> > Even if I'm logged on as Administrator, I still can't push anything
>>>>> > down,
>>>>> > but I can pull files across without any issues.
>>>>> >
>>>>> > I'm stumped.
>>>>> >
>>>>> > "SBS Rocker" wrote:
>>>>> >
>>>>> >> What are the share permissions? When you say you gave the user FULL
>>>>> >> control
>>>>> >> do you mean FULL NTFS permissions?
>>>>> >>
>>>>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>>>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>>>>> >> >I shared a directory with one of our Windows 2003 servers and gave
>>>>> >> >a
>>>>> >> >user
>>>>> >> > Full Control accesss to that directory. However, from his
>>>>> >> > computer
>>>>> >> > where
>>>>> >> > he
>>>>> >> > is logged on, he can't copy and paste anything to that directory.
>>>>> >> > If
>>>>> >> > he
>>>>> >> > remote desktop's into the server and logs on as himself, he can
>>>>> >> > browse
>>>>> >> > to
>>>>> >> > another network share and pull the file over without any
>>>>> >> > problems.
>>>>> >> >
>>>>> >> > I never had this problem in Windows 2000. How do I configure a
>>>>> >> > directory
>>>>> >> > on
>>>>> >> > a Windows 2003 server so that people can "push" files to that
>>>>> >> > folder
>>>>> >> > without
>>>>> >> > logging onto the server locally and "pulling" the files over?
>>>>> >>
>>>>> >>
>>>>> >>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>>
>
>
 
Last edited by a moderator:
wow!!! looks like I stumbled into a very interesting thread. Did anyone ever
resolve Andrew's issues? Let me throw in my cents here and try not to offend
anyone. I'm going to have to agree with SBS Rocker simply because if you
start applying users and groups at the share level you are creating more
work and managing the ntfs folder permissions becomes quite a task Rocker
is correct. You need to apply Everyone=FULL at the share level. I'm not sure
what Dragos was thinking about offering his suggestion to add groups to the
share permissions. Afterall he is a MCSA and he should know better than
that.

Dragos what happens if I give Group A FULL share permissions and Modify NTFS
permissions on the folder. Now I have a subfolder that requires part od the
users of Group A to have Modify and a new Group B to have read access yet
some of the members of Group B are members of Group A. Now what are you
going to do?



"Andrew" <Andrew@discussions.microsoft.com> wrote in message
news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>I shared a directory with one of our Windows 2003 servers and gave a user
> Full Control accesss to that directory. However, from his computer where
> he
> is logged on, he can't copy and paste anything to that directory. If he
> remote desktop's into the server and logs on as himself, he can browse to
> another network share and pull the file over without any problems.
>
> I never had this problem in Windows 2000. How do I configure a directory
> on
> a Windows 2003 server so that people can "push" files to that folder
> without
> logging onto the server locally and "pulling" the files over?
 
Dragos,
I do agree with SBS Rocker and Paul in Detroit with one exception and I add
"Authenticated Users=FULL" and remove the Everyone group. IMHO that is all
that is required at the Share level. You control security at the NTFS folder
level. As far as best practices are concerned in the "old days" as many of
you are referrring to it was by "default" that at the Share level
Everyone=FULL. Now in W2k3 it is default Everyone=Read. Here is another good
article regarding the reasoning for the change and "best practices" with
share and ntfs permssions. And Dragos you don't even want to get into why
you do not control security at the Share level. Share permissions are
basically used to allow acces to the shared resource and not used to control
security. You use NTFS Folder and File permissions for that.

"Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
> hi,
> i dont agree with the best practices to give everyone full permisions on
> the
> share. Best practices is to check and add the groups proper there.
>
> --
> Dragos CAMARA
> MCSA Windows 2003 server
>
>
> "SBS Rocker" wrote:
>
>> I think I may know what your problems are. You say..........
>>
>> "I gave the user Full Control NTFS AND Folder Share permissions."
>> does the group Everyone=READ on the Share permissions still there ? If so
>> you need to remove the user=FULL and change Everyone=FULL on the share
>> permissions. No need to add a user to the share permissions and give him
>> FULL access. By industry best practices when creating a Share the default
>> would be Everyone=FULL.
>>
>>
>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>> >I gave the user Full Control NTFS AND Folder Share permissions.
>> >
>> > Even if I'm logged on as Administrator, I still can't push anything
>> > down,
>> > but I can pull files across without any issues.
>> >
>> > I'm stumped.
>> >
>> > "SBS Rocker" wrote:
>> >
>> >> What are the share permissions? When you say you gave the user FULL
>> >> control
>> >> do you mean FULL NTFS permissions?
>> >>
>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>> >> >I shared a directory with one of our Windows 2003 servers and gave a
>> >> >user
>> >> > Full Control accesss to that directory. However, from his computer
>> >> > where
>> >> > he
>> >> > is logged on, he can't copy and paste anything to that directory.
>> >> > If
>> >> > he
>> >> > remote desktop's into the server and logs on as himself, he can
>> >> > browse
>> >> > to
>> >> > another network share and pull the file over without any problems.
>> >> >
>> >> > I never had this problem in Windows 2000. How do I configure a
>> >> > directory
>> >> > on
>> >> > a Windows 2003 server so that people can "push" files to that folder
>> >> > without
>> >> > logging onto the server locally and "pulling" the files over?
>> >>
>> >>
>> >>
>>
>>
>>
 
I forgot the link. here it is.......

http://www.windowsecurity.com/articles/Share-Permissions.html

"jj johnson" <yurkiddingme@domain.com> wrote in message
news:uXACclWyHHA.5592@TK2MSFTNGP04.phx.gbl...
> Dragos,
> I do agree with SBS Rocker and Paul in Detroit with one exception and I
> add "Authenticated Users=FULL" and remove the Everyone group. IMHO that is
> all that is required at the Share level. You control security at the NTFS
> folder level. As far as best practices are concerned in the "old days" as
> many of you are referrring to it was by "default" that at the Share level
> Everyone=FULL. Now in W2k3 it is default Everyone=Read. Here is another
> good article regarding the reasoning for the change and "best practices"
> with share and ntfs permssions. And Dragos you don't even want to get into
> why you do not control security at the Share level. Share permissions are
> basically used to allow acces to the shared resource and not used to
> control security. You use NTFS Folder and File permissions for that.
>
> "Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
> news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
>> hi,
>> i dont agree with the best practices to give everyone full permisions on
>> the
>> share. Best practices is to check and add the groups proper there.
>>
>> --
>> Dragos CAMARA
>> MCSA Windows 2003 server
>>
>>
>> "SBS Rocker" wrote:
>>
>>> I think I may know what your problems are. You say..........
>>>
>>> "I gave the user Full Control NTFS AND Folder Share permissions."
>>> does the group Everyone=READ on the Share permissions still there ? If
>>> so
>>> you need to remove the user=FULL and change Everyone=FULL on the share
>>> permissions. No need to add a user to the share permissions and give him
>>> FULL access. By industry best practices when creating a Share the
>>> default
>>> would be Everyone=FULL.
>>>
>>>
>>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>>> >I gave the user Full Control NTFS AND Folder Share permissions.
>>> >
>>> > Even if I'm logged on as Administrator, I still can't push anything
>>> > down,
>>> > but I can pull files across without any issues.
>>> >
>>> > I'm stumped.
>>> >
>>> > "SBS Rocker" wrote:
>>> >
>>> >> What are the share permissions? When you say you gave the user FULL
>>> >> control
>>> >> do you mean FULL NTFS permissions?
>>> >>
>>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>>> >> >I shared a directory with one of our Windows 2003 servers and gave a
>>> >> >user
>>> >> > Full Control accesss to that directory. However, from his computer
>>> >> > where
>>> >> > he
>>> >> > is logged on, he can't copy and paste anything to that directory.
>>> >> > If
>>> >> > he
>>> >> > remote desktop's into the server and logs on as himself, he can
>>> >> > browse
>>> >> > to
>>> >> > another network share and pull the file over without any problems.
>>> >> >
>>> >> > I never had this problem in Windows 2000. How do I configure a
>>> >> > directory
>>> >> > on
>>> >> > a Windows 2003 server so that people can "push" files to that
>>> >> > folder
>>> >> > without
>>> >> > logging onto the server locally and "pulling" the files over?
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>
>
>
 
hmmmmmmmmmm this is all very interesting. Sure would like to see what Dragos
response is to Eagles10 question. Dragos I'm almost embarrassed to have read
your reply to Andrew instructing him to secure his folders at the share
level using groups. Makes the rest of us MCSA's look like we have no
creditability


"Eagles10" <bogus@bogus.net> wrote in message
news:%233TvKRWyHHA.4276@TK2MSFTNGP05.phx.gbl...
> wow!!! looks like I stumbled into a very interesting thread. Did anyone
> ever resolve Andrew's issues? Let me throw in my cents here and try not to
> offend anyone. I'm going to have to agree with SBS Rocker simply because
> if you start applying users and groups at the share level you are creating
> more work and managing the ntfs folder permissions becomes quite a task
> Rocker is correct. You need to apply Everyone=FULL at the share level. I'm
> not sure what Dragos was thinking about offering his suggestion to add
> groups to the share permissions. Afterall he is a MCSA and he should know
> better than that.
>
> Dragos what happens if I give Group A FULL share permissions and Modify
> NTFS permissions on the folder. Now I have a subfolder that requires part
> od the users of Group A to have Modify and a new Group B to have read
> access yet some of the members of Group B are members of Group A. Now what
> are you going to do?
>
>
>
> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>>I shared a directory with one of our Windows 2003 servers and gave a user
>> Full Control accesss to that directory. However, from his computer where
>> he
>> is logged on, he can't copy and paste anything to that directory. If he
>> remote desktop's into the server and logs on as himself, he can browse to
>> another network share and pull the file over without any problems.
>>
>> I never had this problem in Windows 2000. How do I configure a directory
>> on
>> a Windows 2003 server so that people can "push" files to that folder
>> without
>> logging onto the server locally and "pulling" the files over?
>
>
 
While I agree with using NTFS permissions to control access to folders and
files in a shared folder and setting Share Permissions to Everyone (or
Authenticated Users if you prefer) Full Control, you might want to review
the example in your second paragraph.

Share Permissions work the same way that NTFS permissions do - they are
additive - a given user gets the sum of all the permissions granted to them
by all the groups they are members of, not the least permission as you
stated (assuming I understand what you said correctly). With Share
permissions, there are only three possibilities, so the situation is simple:
- if the user is a member of a group that is granted Share Permission of
Full Control or Change, then, if the NTFS permissions grant them Modify,
they will be able to change things in the share regardless of what other
groups they may be members of that only have Share Permissions of Read. The
only thing that changes this is if there is a "Deny" permission setting
anywhere - Deny always takes precedence over any Allow permissions.

As far as I'm aware, this has always been the case and is unlikely to change
in the future.

I'm not sure what "Andrew"'s problem was caused by, but perhaps there is a
communication/terminology issue and the following steps will clarify things
for him.

Try this:

On an XP SP2 computer that is a domain member (e.g. XPSP2), logon with an
administrative user account

1. open Windows Explorer and create a new Folder (e.g. c:\Test) in a
convenient place
2. right click the folder, select Sharing and Security... on the Sharing
tab
a. select the Share this folder radio button
b. click Permissions
c. observe that the Share Permissions (default) are Everyone - Read - as
expected for XP SP2
d. click Cancel
3. select the Security tab
4. set the permissions to:
- Administrators - Full Control
- SYSTEM - Full Control
- Users - Modify
click OK (saves the changes and closes the Properties dialog)

I'm assuming that the local Users group on this computer (XPSP2) contains at
least some domain user accounts (e.g. brucen) - the default is Domain Users
(as it has been forever)

On another computer in the same domain (e.g. XPTest), logon with a domain
user account that is also a member of the local Users group of the first
computer (e.g. brucen)

5. in Start, Run, key \\xpsp2\test
6. observe that Windows Explorer opens showing the Test folder associated
with the Test share - this folder is currently empty
7. attempt to create a file or a folder or both - this fails - access is
denied

On the first computer (e.g. XPSP2):

8. right click the shard folder (e.g. c:\test), select Sharing and
Security... on the Sharing tab
a. click Permissions
b. click Add
c. add a domain group that contains the user account you logged on at
the second computer with (e.g. Domain Users), and grant that group Full
Control.
d. the Share Permissions will now look like:

Everyone - Read
Domain Users - Full Control
e. click OK

On the second computer (e.g. XPTest):

9. add a file through the share - works
10. add a folder through the share - works

The above was just to test the theory - normally I would just add Full
Control to Everyone in the Share Permissions.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Paul in Detroit" wrote in message
news:uXnwJoVyHHA.5584@TK2MSFTNGP02.phx.gbl...
> SBS Rocker,
> I do agree with you because I consider myself a throwback from the old NT
> days and that is the way I have always done it and consider to be the
> industry best practices method. Also the link you provided Dragos confirms
> the industry best practices. That said I do believe you may be a bit harsh
> in explaining it to Dragos. This NG is here to assist and help those who
> posts questions and issues and not to belittle and discourage others
> because of their lack of knowledge or experience.
>
> Dragos,
> SBS Rocker is correct and the reason being is because how Share
> permissions "superceed" NTFS permissions with the "most restrictive"
> access. In your case I think you are trying to secure your folder access
> using the Share permissions. If you do this you will find yourself doing
> more administrative work than necessary. The reason you users cannot write
> to that folder even though you gave them FULL "NTFS" permissions is
> because what resides in your Share permissions. You can give Joe Bob FULL
> share permissions and FULL NTFS permissions but that that is not going to
> work as long as their is a group that includes Joe Bob in the Share
> permissions will lesser access. I'm assuming the group EVERYONE=Read in
> still in your share permissions. That is what is preventing Joe Bob from
> writng to that folder because share permissions will alow the most
> restrictive access overriding his FULL share permissions.
> Take SBS Rockers advice. All you need at the Share level is Everyone or
> Authenticated Users = FULL. control your security at the NTFS permssions.
>
>
> "SBS Rocker" <noreply@NoDomain.com> wrote in message
> news:eiFGQcVyHHA.276@TK2MSFTNGP06.phx.gbl...
>>A good article for those who don't understand how Shares work in
>>conjunction with NTFS permissions. Take note on the last paragraph.....
>>
>> http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1093198,00.html?FromTaxonomy=%2Fpr%2F286434
>>
>> "Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
>> news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
>>> hi,
>>> i dont agree with the best practices to give everyone full permisions on
>>> the
>>> share. Best practices is to check and add the groups proper there.
>>>
>>> --
>>> Dragos CAMARA
>>> MCSA Windows 2003 server
>>>
>>>
>>> "SBS Rocker" wrote:
>>>
>>>> I think I may know what your problems are. You say..........
>>>>
>>>> "I gave the user Full Control NTFS AND Folder Share permissions."
>>>> does the group Everyone=READ on the Share permissions still there ? If
>>>> so
>>>> you need to remove the user=FULL and change Everyone=FULL on the share
>>>> permissions. No need to add a user to the share permissions and give
>>>> him
>>>> FULL access. By industry best practices when creating a Share the
>>>> default
>>>> would be Everyone=FULL.
>>>>
>>>>
>>>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
>>>> >I gave the user Full Control NTFS AND Folder Share permissions.
>>>> >
>>>> > Even if I'm logged on as Administrator, I still can't push anything
>>>> > down,
>>>> > but I can pull files across without any issues.
>>>> >
>>>> > I'm stumped.
>>>> >
>>>> > "SBS Rocker" wrote:
>>>> >
>>>> >> What are the share permissions? When you say you gave the user FULL
>>>> >> control
>>>> >> do you mean FULL NTFS permissions?
>>>> >>
>>>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
>>>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
>>>> >> >I shared a directory with one of our Windows 2003 servers and gave
>>>> >> >a
>>>> >> >user
>>>> >> > Full Control accesss to that directory. However, from his
>>>> >> > computer
>>>> >> > where
>>>> >> > he
>>>> >> > is logged on, he can't copy and paste anything to that directory.
>>>> >> > If
>>>> >> > he
>>>> >> > remote desktop's into the server and logs on as himself, he can
>>>> >> > browse
>>>> >> > to
>>>> >> > another network share and pull the file over without any problems.
>>>> >> >
>>>> >> > I never had this problem in Windows 2000. How do I configure a
>>>> >> > directory
>>>> >> > on
>>>> >> > a Windows 2003 server so that people can "push" files to that
>>>> >> > folder
>>>> >> > without
>>>> >> > logging onto the server locally and "pulling" the files over?
>>>> >>
>>>> >>
>>>> >>
>>>>
>>>>
>>>>
>>
>>
>
>
 
Last edited by a moderator:
hi,
it's seems you miss unterstood me. i don't agree with share permissions with
Everyone full and add proper groups there - i dont said anywhere to use only
that - and let me explain why.

if you give that permission then you are protected only by NTFS permissions
and if i have and another metod to protect my data why not to use? because
may be i will forget about it -that isn't a reason.

of couse is more simple to give everyone full ntfs share permisions rights -
but on my all shares i never agreed and i instructed to remove everyone and
add proper groups on ntfs share permissions.

--
Dragos CAMARA
MCSA Windows 2003 server


"Albert Louis" wrote:

> hmmmmmmmmmm this is all very interesting. Sure would like to see what Dragos
> response is to Eagles10 question. Dragos I'm almost embarrassed to have read
> your reply to Andrew instructing him to secure his folders at the share
> level using groups. Makes the rest of us MCSA's look like we have no
> creditability
>
>
> "Eagles10" <bogus@bogus.net> wrote in message
> news:%233TvKRWyHHA.4276@TK2MSFTNGP05.phx.gbl...
> > wow!!! looks like I stumbled into a very interesting thread. Did anyone
> > ever resolve Andrew's issues? Let me throw in my cents here and try not to
> > offend anyone. I'm going to have to agree with SBS Rocker simply because
> > if you start applying users and groups at the share level you are creating
> > more work and managing the ntfs folder permissions becomes quite a task
> > Rocker is correct. You need to apply Everyone=FULL at the share level. I'm
> > not sure what Dragos was thinking about offering his suggestion to add
> > groups to the share permissions. Afterall he is a MCSA and he should know
> > better than that.
> >
> > Dragos what happens if I give Group A FULL share permissions and Modify
> > NTFS permissions on the folder. Now I have a subfolder that requires part
> > od the users of Group A to have Modify and a new Group B to have read
> > access yet some of the members of Group B are members of Group A. Now what
> > are you going to do?
> >
> >
> >
> > "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> > news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
> >>I shared a directory with one of our Windows 2003 servers and gave a user
> >> Full Control accesss to that directory. However, from his computer where
> >> he
> >> is logged on, he can't copy and paste anything to that directory. If he
> >> remote desktop's into the server and logs on as himself, he can browse to
> >> another network share and pull the file over without any problems.
> >>
> >> I never had this problem in Windows 2000. How do I configure a directory
> >> on
> >> a Windows 2003 server so that people can "push" files to that folder
> >> without
> >> logging onto the server locally and "pulling" the files over?
> >
> >
>
>
>
 
hi Paul,
i do know very well how it work, i dont said to protect the share only with
share permissions rights all i said is i do not agree with everyone full
rights on ntfs permissions and i do not consider that type a pain when i put
users on the groups.


--
Dragos CAMARA
MCSA Windows 2003 server


"Paul in Detroit" wrote:

> SBS Rocker,
> I do agree with you because I consider myself a throwback from the old NT
> days and that is the way I have always done it and consider to be the
> industry best practices method. Also the link you provided Dragos confirms
> the industry best practices. That said I do believe you may be a bit harsh
> in explaining it to Dragos. This NG is here to assist and help those who
> posts questions and issues and not to belittle and discourage others because
> of their lack of knowledge or experience.
>
> Dragos,
> SBS Rocker is correct and the reason being is because how Share permissions
> "superceed" NTFS permissions with the "most restrictive" access. In your
> case I think you are trying to secure your folder access using the Share
> permissions. If you do this you will find yourself doing more administrative
> work than necessary. The reason you users cannot write to that folder even
> though you gave them FULL "NTFS" permissions is because what resides in your
> Share permissions. You can give Joe Bob FULL share permissions and FULL NTFS
> permissions but that that is not going to work as long as their is a group
> that includes Joe Bob in the Share permissions will lesser access. I'm
> assuming the group EVERYONE=Read in still in your share permissions. That is
> what is preventing Joe Bob from writng to that folder because share
> permissions will alow the most restrictive access overriding his FULL share
> permissions.
> Take SBS Rockers advice. All you need at the Share level is Everyone or
> Authenticated Users = FULL. control your security at the NTFS permssions.
>
>
> "SBS Rocker" <noreply@NoDomain.com> wrote in message
> news:eiFGQcVyHHA.276@TK2MSFTNGP06.phx.gbl...
> >A good article for those who don't understand how Shares work in
> >conjunction with NTFS permissions. Take note on the last paragraph.....
> >
> > http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1093198,00.html?FromTaxonomy=%2Fpr%2F286434
> >
> > "Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
> > news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
> >> hi,
> >> i dont agree with the best practices to give everyone full permisions on
> >> the
> >> share. Best practices is to check and add the groups proper there.
> >>
> >> --
> >> Dragos CAMARA
> >> MCSA Windows 2003 server
> >>
> >>
> >> "SBS Rocker" wrote:
> >>
> >>> I think I may know what your problems are. You say..........
> >>>
> >>> "I gave the user Full Control NTFS AND Folder Share permissions."
> >>> does the group Everyone=READ on the Share permissions still there ? If
> >>> so
> >>> you need to remove the user=FULL and change Everyone=FULL on the share
> >>> permissions. No need to add a user to the share permissions and give him
> >>> FULL access. By industry best practices when creating a Share the
> >>> default
> >>> would be Everyone=FULL.
> >>>
> >>>
> >>> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> >>> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
> >>> >I gave the user Full Control NTFS AND Folder Share permissions.
> >>> >
> >>> > Even if I'm logged on as Administrator, I still can't push anything
> >>> > down,
> >>> > but I can pull files across without any issues.
> >>> >
> >>> > I'm stumped.
> >>> >
> >>> > "SBS Rocker" wrote:
> >>> >
> >>> >> What are the share permissions? When you say you gave the user FULL
> >>> >> control
> >>> >> do you mean FULL NTFS permissions?
> >>> >>
> >>> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> >>> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
> >>> >> >I shared a directory with one of our Windows 2003 servers and gave a
> >>> >> >user
> >>> >> > Full Control accesss to that directory. However, from his computer
> >>> >> > where
> >>> >> > he
> >>> >> > is logged on, he can't copy and paste anything to that directory.
> >>> >> > If
> >>> >> > he
> >>> >> > remote desktop's into the server and logs on as himself, he can
> >>> >> > browse
> >>> >> > to
> >>> >> > another network share and pull the file over without any problems.
> >>> >> >
> >>> >> > I never had this problem in Windows 2000. How do I configure a
> >>> >> > directory
> >>> >> > on
> >>> >> > a Windows 2003 server so that people can "push" files to that
> >>> >> > folder
> >>> >> > without
> >>> >> > logging onto the server locally and "pulling" the files over?
> >>> >>
> >>> >>
> >>> >>
> >>>
> >>>
> >>>
> >
> >
>
>
>
 
simple as a walking in a park :
create a group C give ntfs share permisions to that group, add group A and B
to C, remove group A from share permission, give NTFS rights acording to
group A and B.

everyone group full access : includes anyone who has access to network
resources, including the Guest account - so keep to guest account with that
rights
--
Dragos CAMARA
MCSA Windows 2003 server


"Albert Louis" wrote:

> hmmmmmmmmmm this is all very interesting. Sure would like to see what Dragos
> response is to Eagles10 question. Dragos I'm almost embarrassed to have read
> your reply to Andrew instructing him to secure his folders at the share
> level using groups. Makes the rest of us MCSA's look like we have no
> creditability
>
>
> "Eagles10" <bogus@bogus.net> wrote in message
> news:%233TvKRWyHHA.4276@TK2MSFTNGP05.phx.gbl...
> > wow!!! looks like I stumbled into a very interesting thread. Did anyone
> > ever resolve Andrew's issues? Let me throw in my cents here and try not to
> > offend anyone. I'm going to have to agree with SBS Rocker simply because
> > if you start applying users and groups at the share level you are creating
> > more work and managing the ntfs folder permissions becomes quite a task
> > Rocker is correct. You need to apply Everyone=FULL at the share level. I'm
> > not sure what Dragos was thinking about offering his suggestion to add
> > groups to the share permissions. Afterall he is a MCSA and he should know
> > better than that.
> >
> > Dragos what happens if I give Group A FULL share permissions and Modify
> > NTFS permissions on the folder. Now I have a subfolder that requires part
> > od the users of Group A to have Modify and a new Group B to have read
> > access yet some of the members of Group B are members of Group A. Now what
> > are you going to do?
> >
> >
> >
> > "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> > news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
> >>I shared a directory with one of our Windows 2003 servers and gave a user
> >> Full Control accesss to that directory. However, from his computer where
> >> he
> >> is logged on, he can't copy and paste anything to that directory. If he
> >> remote desktop's into the server and logs on as himself, he can browse to
> >> another network share and pull the file over without any problems.
> >>
> >> I never had this problem in Windows 2000. How do I configure a directory
> >> on
> >> a Windows 2003 server so that people can "push" files to that folder
> >> without
> >> logging onto the server locally and "pulling" the files over?
> >
> >
>
>
>
 
i dont want to argue with you :

everyone group full access : includes anyone who has access to network
resources, including the Guest account - very good best practices -keep using
it.

microsoft best practices on share folders :
http://technet2.microsoft.com/windo...de6f-4fb9-8036-2cfafb6c05971033.mspx?mfr=true

--
Dragos CAMARA
MCSA Windows 2003 server


"SBS Rocker" wrote:

> A good article for those who don't understand how Shares work in conjunction
> with NTFS permissions. Take note on the last paragraph.....
>
> http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1093198,00.html?FromTaxonomy=%2Fpr%2F286434
>
> "Dragos CAMARA" <dragos_c@remove-this.hotmail.com> wrote in message
> news:CE8670EA-0F71-47A5-BE85-5132B7F7875C@microsoft.com...
> > hi,
> > i dont agree with the best practices to give everyone full permisions on
> > the
> > share. Best practices is to check and add the groups proper there.
> >
> > --
> > Dragos CAMARA
> > MCSA Windows 2003 server
> >
> >
> > "SBS Rocker" wrote:
> >
> >> I think I may know what your problems are. You say..........
> >>
> >> "I gave the user Full Control NTFS AND Folder Share permissions."
> >> does the group Everyone=READ on the Share permissions still there ? If so
> >> you need to remove the user=FULL and change Everyone=FULL on the share
> >> permissions. No need to add a user to the share permissions and give him
> >> FULL access. By industry best practices when creating a Share the default
> >> would be Everyone=FULL.
> >>
> >>
> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> >> news:9D378ED8-BCBA-40FD-A231-29B22CB11366@microsoft.com...
> >> >I gave the user Full Control NTFS AND Folder Share permissions.
> >> >
> >> > Even if I'm logged on as Administrator, I still can't push anything
> >> > down,
> >> > but I can pull files across without any issues.
> >> >
> >> > I'm stumped.
> >> >
> >> > "SBS Rocker" wrote:
> >> >
> >> >> What are the share permissions? When you say you gave the user FULL
> >> >> control
> >> >> do you mean FULL NTFS permissions?
> >> >>
> >> >> "Andrew" <Andrew@discussions.microsoft.com> wrote in message
> >> >> news:BF348C3A-D097-4852-AFB2-71978C5D6F81@microsoft.com...
> >> >> >I shared a directory with one of our Windows 2003 servers and gave a
> >> >> >user
> >> >> > Full Control accesss to that directory. However, from his computer
> >> >> > where
> >> >> > he
> >> >> > is logged on, he can't copy and paste anything to that directory.
> >> >> > If
> >> >> > he
> >> >> > remote desktop's into the server and logs on as himself, he can
> >> >> > browse
> >> >> > to
> >> >> > another network share and pull the file over without any problems.
> >> >> >
> >> >> > I never had this problem in Windows 2000. How do I configure a
> >> >> > directory
> >> >> > on
> >> >> > a Windows 2003 server so that people can "push" files to that folder
> >> >> > without
> >> >> > logging onto the server locally and "pulling" the files over?
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
 
Back
Top