Page 86 of 86 FirstFirst ... 367677787980818283848586
Results 851 to 856 of 856
  1. #851
    Service Manager 1,000+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    1,979
    Rep Power
    68

    Re: Need some advice on learning networking

    Just be sure to test. Getting the NTFS permissions right the first few times usually trips people up.

  2. #852
    Service Manager 2,500+ Posts
    Need some advice on learning networking

    BillyCarpenter's Avatar
    Join Date
    Aug 2020
    Location
    Long Beach, Mississippi
    Posts
    4,806
    Rep Power
    172

    Re: Need some advice on learning networking

    rthonpm was right, "access based enumeration" tripped me up at first. I found a good training video on it and was able to get it down. It's pretty cool because you don't always want everyone on the network to see a shared folder. This will come in very handy.

  3. #853
    Service Manager 1,000+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    1,979
    Rep Power
    68

    Re: Need some advice on learning networking

    Quote Originally Posted by BillyCarpenter View Post
    rthonpm was right, "access based enumeration" tripped me up at first. I found a good training video on it and was able to get it down. It's pretty cool because you don't always want everyone on the network to see a shared folder. This will come in very handy.
    This won't hide the share, but it will hide some, or all, of the contents. The permissions for the share should be as wide as possible (the standard is usually Read for Domain Users) and then the permissions on the folders are more granular, so while everyone may see the share, only specific people will see something other than an empty share, or only see certain folders. Samba also allows for this, though the process is much more complicated and easier to break so I don't recommend it for anything other than Windows servers.

    The advantage is also that hidden shares are only recognised by Windows: any Mac or Linux client will still be able to list shares that to Windows would be hidden.

    Sent from my BlackBerry using Tapatalk

  4. #854
    Service Manager 2,500+ Posts
    Need some advice on learning networking

    BillyCarpenter's Avatar
    Join Date
    Aug 2020
    Location
    Long Beach, Mississippi
    Posts
    4,806
    Rep Power
    172

    Re: Need some advice on learning networking

    Quote Originally Posted by rthonpm View Post
    This won't hide the share, but it will hide some, or all, of the contents. The permissions for the share should be as wide as possible (the standard is usually Read for Domain Users) and then the permissions on the folders are more granular, so while everyone may see the share, only specific people will see something other than an empty share, or only see certain folders. Samba also allows for this, though the process is much more complicated and easier to break so I don't recommend it for anything other than Windows servers.

    The advantage is also that hidden shares are only recognised by Windows: any Mac or Linux client will still be able to list shares that to Windows would be hidden.

    Sent from my BlackBerry using Tapatalk

    Sorry, I misspoke. You're correct, it doesn't hide the share. But it will/can hide the subfolders inside the share depending on the permission level granted. I think the rule is that a user must at least have "read" permission or they won't be able to see the folder.

    PS - I just verified it...the user must at least have "read" permission to see the subfolder. Of course, you can up the permission level depending on what you want to allow the user to do.


    Did I explain that correctly? Just curious.

  5. #855
    Service Manager 1,000+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    1,979
    Rep Power
    68

    Re: Need some advice on learning networking

    Quote Originally Posted by BillyCarpenter View Post
    Sorry, I misspoke. You're correct, it doesn't hide the share. But it will/can hide the subfolders inside the share depending on the permission level granted. I think the rule is that a user must at least have "read" permission or they won't be able to see the folder.

    PS - I just verified it...the user must at least have "read" permission to see the subfolder. Of course, you can up the permission level depending on what you want to allow the user to do.


    Did I explain that correctly? Just curious.
    The way you get it to work is to remove inheritance from any subfolder you create and then grant NTFS permissions as needed. You're correct that the minimum permission to see a folder is Read, but that goes for any folder in any OS. You can also get more detailed down to the level of allowing people to modify the contents of a folder, but not the folder itself. I've had to do this in the past when a customer kept trying to move a folder in the root of the share inside another one, essentially cutting off access to it for others who didn't have access to the folder it was moved to.

    Here's the setup I did recently for a company for scan to folder (to keep it in the copier world):

    Shared folder: Scans. Shared as Read to all domain users.

    Subfolders:

    Bob
    Chris
    Mark
    Michelle
    Neil
    Pete
    Sandra
    Sharon
    Tammy

    Each folder had NTFS inheritance removed and were permissioned so that only two accounts had permissions to each folder. The user has Modify permissions, and the AD account used for scanning has Read/Write.

    Never under any circumstances give a standard user account Full Control as this allows for changing the permissions on contents. Nothing like trying to rebuild permissions on huge folders because of a disgruntled employee.

    Sent from my BlackBerry using Tapatalk

  6. #856
    Service Manager 2,500+ Posts
    Need some advice on learning networking

    BillyCarpenter's Avatar
    Join Date
    Aug 2020
    Location
    Long Beach, Mississippi
    Posts
    4,806
    Rep Power
    172

    Re: Need some advice on learning networking

    Quote Originally Posted by rthonpm View Post
    The way you get it to work is to remove inheritance from any subfolder you create and then grant NTFS permissions as needed. You're correct that the minimum permission to see a folder is Read, but that goes for any folder in any OS. You can also get more detailed down to the level of allowing people to modify the contents of a folder, but not the folder itself. I've had to do this in the past when a customer kept trying to move a folder in the root of the share inside another one, essentially cutting off access to it for others who didn't have access to the folder it was moved to.

    Here's the setup I did recently for a company for scan to folder (to keep it in the copier world):

    Shared folder: Scans. Shared as Read to all domain users.

    Subfolders:

    Bob
    Chris
    Mark
    Michelle
    Neil
    Pete
    Sandra
    Sharon
    Tammy

    Each folder had NTFS inheritance removed and were permissioned so that only two accounts had permissions to each folder. The user has Modify permissions, and the AD account used for scanning has Read/Write.

    Never under any circumstances give a standard user account Full Control as this allows for changing the permissions on contents. Nothing like trying to rebuild permissions on huge folders because of a disgruntled employee.

    Sent from my BlackBerry using Tapatalk

    You kinda of lost me when you said to remove the inheritance from the subfolders. I'm gonna have to think about that for a minute.


    Here's the way I did it.

    I created a folder and named it "datashare".

    I removed the inheritance from that shared folder. I then removed "users" from permissions. I then add the users that I wanted to have permission to this share but I only grated them permission to "this folder only".

    In other words, the users will not be able to see any subfolders that I add to the share unless I grant them at least read permission.


    I probably did a terrible job of explaining it. Here's the video that I watched:



Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Get the Android App
click or scan for the Copytechnet Mobile App

-= -= -= -= -=


IDrive Remote Backup

Lunarpages Internet Solutions

Advertise on Copytechnet

Your Link Here