I do the same as you.
Does anyone know of a better commandline tool for setting share permissions other thanOn Windows 2003 servers, Microsoft set the default permisions on share to be everyone read only. The problem is it doesn't be an easy way to adjust this. So I just reshare the share with everyone change and rely on NTFS permissions on the drive to provide the security.Code:NET SHARE share$=<filepath> /GRANT:user,permission
I do the same as you.
The best command line tool for managing permissions I have ever used SetACL. It can do just about everything related to permissions on files, folders, shares, registry, printers and services.
Yeah- that's actually best practise in a lot of Microsoft training courses now. In Server 2000 they had Everyone with the lot, and then in 2003 said "OK, how can we make the share safer from the get go" and came up with setting Everyone: Read by default. I actually think it's a good idea. And normally (no- most all the time) I use the Share MMC to handle things like sharing folders and the GUI for setting them.Originally Posted by NetworkGeezer
Now MIcrosoft are telling everyone to set the share permission to Everyone: Full Control and advising the use of NTFS to further restrict. Again, a good idea. Share permission are messy- they don't replicate, and backing them up is a futile exercise in pain-filled living. NTFS permissions all the way!
But personally- I would use the GUI if it's that much of a time consumer.
You could use XCALS, I use it as part of the new intake script I run every August.
When I get into the office on Monday I will post a link to it and a copy of the script I use, it is really easy and straight forward and modifies the permissions on the share and the NTFS permissions also.
XACLS for me with chown for ownership.
Thanks for all the responses. I think I will have to go with AJBrittons suggestion, i.e. using SetACL. From what I can see XCACLS just provides finer control over NTFS permissions.
If you just want a simple tool you could do with rmtshare.exe which sets everyone full control by default. I think it's a resource kit tool. Obviously check the version that you have sets the correct permissions as Microsoft may have "updated" it in later versions. As the name suggests, it will set a share on a remote server.
I much prefer using everyone - full control on shares. It's recommended practice because trying to administer access controls in 2 places is always going to lead to oversights. Seeing as NTFS permissions give much more precise control than share perms do, NTFS is the obvious pick.
Thanks sahmeepee. I'll have a look at that too.
There are currently 1 users browsing this thread. (0 members and 1 guests)