Diff between win2k sharing tab and Security Tab

[DeadSeaSquirrels]

When I share a folder in windows 2000, there are three tabs in the properties window. General, Sharing, and Security. I am just wondering what the difference between the sharing tab and the security tab is. Does one correspond to sharing of a folder between different logins on the same machine, and the other tab deals with sharing of folders over a network?

It just seems that if I go in the share tab and share the folder, and then click on the permissions button and specify who has access to the folder, sometimes the folder still isn't accessable to the other person. I have to figit around with the security tab, once again, adding the user and setting their permissions. How come there are two tabs, both of which correspond with setting a user and setting their permissions to a specific folder? Can somebody help explain this for me?

 

[bsobel]

There are two 'doors' you have to go thru in order to share the files. The first is the underlying file system rights to read/write/modify the data. If you don't have those, even tho you might be able to see the files you can't access them. The common UI for this is the security tab.

On top of that is the file share permissions, that controls you can remotely connect to the share and get a chance to see the files. It's a layer 'above' the file system permissions, and as you've noticed only applies to those users connecting remotely. This is the sharing tab and it's UI.

With these two layers it's perfecly valid for you to configure a file so 'joe' has write access to file 'a', but only when logged onto the machine locally and 'read only' access when accessing the file via a network share.

Make sense?
Bill

 

[DeadSeaSquirrels]

oh, so the security tab is the lower order security. Meaning that just allows people who are logged in on the local machine to view your file. It is the sharing tab that allows users who are connecting remotely to be able to use the files. Interesting, I always thout it was the other way around. Thanks

 

[jimmyhaha]

I am having the same question, can someone clearify ?

thanks in advance.

 

[Nothinman]

The security tab controls the access rights directly on the file, in the filesystem. It determins the access controls applied to anyone trying to access that file.
The sharing tab sets up shares and their access controls, the only time those controls apply is when someone is accessing the filesystem from the network via that specific share.

Filesystem rights always apply no matter where the person access the file is coming from, sharing rights only apply when the file is accessed via SMB and via that specific share. For instance accessing the file via the FTP or WWW protocol wouldn't involve the share rights at all even though the file is being accessed from the network, but the filesystem rights will apply.

 

[jimmyhaha]

I want to accomplish the following task. What would be most simple procedure ?

1. Share a folder call "MP3" in PC A so the users in the other PC on the network can have automatic READ access on the MP3 folder without entering password?

2. Share a folder call "temp" in PC A so the users in the other PC on the network can have FULL access only without entering password for shared access ?

Question

1. Do I need to use mapped network drive ?
2. Do I need to add all user who need to access PC A to the "Local User & Group" ?

pls advice, thanks in advance.

 

[stash]

As a general rule, you should always enforce security on shares at the NTFS level, rather than at the share level. It's best to leave share permissions at the default, and then give and deny access through NTFS (the security tab).

 

[Saltin]

It's also worth noting that when Share and NTFS permissions are applied, the most restrictive permission is the effective permission.