File Sharing – NTFS Permissions vs Share Permissions

File sharing permissions should be implemented with care when you provide access to a piece of content.

Arbitrary file sharing permissions can leave you unable to access a file or folder, or the reverse, and can even create vulnerabilities.

On Windows, you don’t have to worry about permissions because they are already set by the operating system. Each user has their own profile and their own set of permissions, which prevents unauthorized access to files and folders.

File Sharing Permissions and NTFS Permissions have the same purpose in a Windows environment, which is to help you prevent unauthorized access to your important folders. However, some important differences between the two will determine which one you use.

NTFS Permissions

NTFS (New Technology File System) is a standard file system for Microsoft Windows NT and later operating systems. NTFS Permissions are used to manage access to files and folders stored on a volume with the NTFS file system format.

By default, files and sub-folders inherit permissions from the root folder above them, although this inheritance can be disabled.

The major advantage of NTFS Permissions is that these permissions affect both local and remote users.

NTFS Permission Types

| Permission | Allowed Access |
|---|---|
| Read | Users or groups can read the file and view the attributes, ownership, and permissions assigned. |
| Write | Users or groups can add and write files, change their attributes, view their ownership, and view permission settings. |
| Read & Execute | Users or groups can run executable files, including scripts. In addition, the user can perform all the tasks allowed by the Read permission. |
| Modify | The user or group can modify and delete the file, including performing all actions allowed by the Read, Write, and Read & Execute file permissions. |
| Full Control | A user or group can change the permissions assigned to a file, take ownership of the file, and perform actions allowed by all other NTFS file permissions. |

Share Permissions

Share Permissions allow you to control who accesses the folder over the network (not applicable to users who access it locally).

You can’t control access to sub-folders or individual objects on a share. Instead, Share Permissions apply to all files and folders in it.

You can specify the number of users allowed to access a shared folder. Share Permissions can be used with NTFS, FAT, and FAT32 file systems.

Share Permission Types

| Permission | Allowed Access |
|---|---|
| Read | Users can read the content in files and folders, as well as run programs. The “Everyone” group is given the “Read” permission by default. |
| Write | Users can read files, as well as add, edit, and delete files and folders. |
| Full Control | Users can create, read, update, and delete files and folders in directories, as well as NTFS files and folders. By default, the “Administrators” group is granted the “Full Control” permission. |

Combining NTFS Permissions and Share Permissions

You can combine NTFS Permissions and Share Permissions to set access to a file or folder.

Guidelines for setting the user’s level of access to a file or folder are:

  1. Local access: only NTFS Permissions are used to determine the user’s access level.
  2. Remote access: for access over the network, both NTFS Permissions and Share Permissions apply, and the more restrictive of the two determines the access level. For example, if Share Permissions on a shared folder grant the user “Read” access and NTFS Permissions grant “Modify” access, the user’s effective permission level is Read when accessing the shared folder remotely (over the network) and Modify when accessing the folder locally.
  3. The individual permissions of the user are additively combined with the permissions of the groups that the user is a member of. If the user has Read access to a file, but is a member of a group that has Modify access to the same file, the user’s effective permission level is Modify.
  4. Permissions assigned directly to a specific file or folder (explicit permissions) take precedence over permissions inherited from the parent folder (inherited permissions).
  5. An explicit Deny permission takes precedence over an explicit Allow permission, but because of the previous rule, an explicit Allow permission takes precedence over an inherited Deny permission.
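
The five guidelines above, worked through as an added example in Python (not code from the original article). The right bits, the Ace tuple, the sample user alice and the group Staff are assumptions made for illustration, and inherited entries are modelled as a single level.

```python
from collections import namedtuple

# Simplified right bits, constructed for this example (not real Windows access masks).
R, W, X, D, P = 1, 2, 4, 8, 16  # read, write, execute, delete, change permissions
NTFS = {"Read": R, "Write": W, "Read & Execute": R | X,
        "Modify": R | W | X | D, "Full Control": R | W | X | D | P}
# Share levels named as in the table above; "Read" also lets users run programs.
SHARE = {"Read": R | X, "Write": R | W | X | D, "Full Control": R | W | X | D | P}

Ace = namedtuple("Ace", "principal kind mask inherited")  # kind: "allow" or "deny"

def evaluate(acl, principals):
    """Rules 3-5: entries for the user and every group are combined. The list is
    walked as explicit deny, explicit allow, inherited deny, inherited allow, and
    the first entry that mentions a right decides that right."""
    granted = denied = 0
    for ace in sorted(acl, key=lambda a: (a.inherited, a.kind != "deny")):
        if ace.principal not in principals:
            continue
        if ace.kind == "deny":
            denied |= ace.mask & ~granted
        else:
            granted |= ace.mask & ~denied
    return granted

def effective(ntfs_acl, share_acl, principals, remote):
    """Rules 1-2: local access uses NTFS only; remote access keeps only the
    rights granted by both the NTFS list and the share list."""
    rights = evaluate(ntfs_acl, principals)
    return rights & evaluate(share_acl, principals) if remote else rights

def names(mask):
    table = (("read", R), ("write", W), ("execute", X), ("delete", D), ("change-permissions", P))
    return [name for name, bit in table if mask & bit]

# Constructed sample: alice is a member of Staff and Everyone.
ALICE = {"alice", "Staff", "Everyone"}
NTFS_ACL = [
    Ace("alice", "allow", NTFS["Read"], False),    # explicit, on the user
    Ace("Staff", "allow", NTFS["Modify"], False),  # explicit, on a group
    Ace("Staff", "deny", NTFS["Write"], True),     # inherited from the parent
]
SHARE_ACL = [Ace("Everyone", "allow", SHARE["Read"], False)]

if __name__ == "__main__":
    print("local :", names(effective(NTFS_ACL, SHARE_ACL, ALICE, remote=False)))
    print("remote:", names(effective(NTFS_ACL, SHARE_ACL, ALICE, remote=True)))
    blocked = [Ace("alice", "deny", NTFS["Write"], False)] + NTFS_ACL
    print("explicit deny:", names(evaluate(blocked, ALICE)))
```

In the sample, the explicit Modify grant on Staff survives the inherited Deny, so alice has Modify locally but only the share's Read level over the network; adding an explicit Deny on Write removes the write right even though the group grant remains.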

Understanding the difference between NTFS Permissions and Share Permissions lets you use them together to secure access to both on-premises and shared resources.
