Tech Master
OneStopTechnical Forum
OneStopTechnical Forum
| Feature / Aspect | Share Permissions | NTFS Permissions | Security Settings (ACLs) |
|---|---|---|---|
| π Where Configured | Sharing tab β Advanced Sharing | Security tab | Security tab β Advanced |
| π Applies To | Access over the network (SMB/UNC paths) | Access over local + network | Full NTFS model incl. permissions, ownership, audit |
| π₯ User Scope | Users/groups accessing over network | Users/groups both local and domain | Users/groups + audit subjects |
| βοΈ Common Settings | – Read – Change – Full Control | – Read – Write – Modify – Full Control | – Permissions – Ownership – Auditing |
| π Granularity | Basic (3 levels) | Highly granular (individual file/folder level) | Most granular (includes inheritance, audit, owner) |
| π‘ Effective Access Rule | Most restrictive applies when combined w/ NTFS | Most restrictive applies when combined w/ share | Depends on entire ACL evaluation |
| π§° Tools Used | File Explorer, net share | File Explorer, icacls, Get-Acl, Set-Acl | Same as NTFS + advanced UI |
| π§ͺ Audit Support | β Not supported | β Supported via ACL | β Includes full auditing setup |
| π Inheritance Support | β No inheritance | β Supports inheritance from parent folder | β Supports inheritance + advanced rules |
| π Visibility Control | β Cannot hide objects from unauthorized users | β With ABE + NTFS permissions | β With ABE + NTFS |
| π§― Fallback When Missing | No access via network if not shared | No access at all if NTFS denies | NTFS security model is always enforced |
| π§ Best Practice | Set to Full Control for allowed groups, manage access with NTFS | Use NTFS to define actual access rights | Use to set ownership, audit policies, inheritance |
“Give Full Control in Share Permissions, and restrict access using NTFS Permissions for precision. Use Security (ACLs) for advanced control and auditing.”