Share permissions are used to control access to folders (and their subfolders and files) when accessed over a network. Share permissions therefore have no influence if files are accessed locally using a computer.
When combined with NTFS permissions, share permissions always have priority. This means that share permissions can restrict NTFS permissions, but not extend them. Share permissions are limited to the levels “Read & Execute”, ” Modify” and “Full Control”. It is not possible to make advanced settings.
To illustrate: Let’s assume folder “\\srv\Department\Sales“ is accessed using the network share (as mentioned earlier, for local access to the file server itself, only NTFS permissions apply – share permissions have no effect).
• NTFS permission: “Full Control“
• Share permission: “Read & Execute“
• Effective user permissions: “Read & Execute“
The share permission does not allow “full control” when access is attempted over a network.
• NTFS permission: “Read & Execute“
• Share permission: “Full Control“
• Effective user permission: “Read & Execute“
Although the share permission would enable “full control” over the network, NTFS limits access to “Read & Execute”.
What settings are recommended?
We recommend setting the share permission to “Everyone“ and the permission level to “Full control“. No further share permissions should be set. This ensures that access on a network level is not restricted and that only the NTFS permissions apply.
Using NTFS only to control file server permissions has significant advantages:
• Combining NTFS permissions and share permissions is too confusing and complex
• NTFS permissions allow a granular assignment of permissions
• NTFS permissions apply even if the server is accessed locally