Q

Setting NTFS and share permissions best practices

I'm seeking "best practice" advice for the reasonable setting of NTFS and share permissions for the HOME CATALOGs of each %USERNAME% on the common fileserver within AD. Is the following scheme good?

  1. The Catalog, containing all home users catalogs, does not inherit from the parent volume, but in its turn permits for all child objects full access for the local admin group of this server (to allow further administering in critical conditions).

  2. In addition to that, each inner home catalog has MODIFY rights only for the corresponding %USERNAME% and full control for the CREATOR OWNER.

  3. Each home catalog is shared separately as %USERNAME%$ with CHANGE or FULL CONTROL for only user himself.

Does this scheme allow "sufficient minimum" of rights, security and manageability? Can you comment?

This solution appears to be well planned and sufficient for management and security. Note however that 'Create Owner' will always end up being the local administrators' group. This is a feature of Windows 2000.
This was first published in September 2003
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close