Control Access to Shared Folders


With SFS, you can only control whether or not users accessing a share can change the files within it. With classic sharing, though, you have much more granular control.

Access to a shared folder is controlled through an Access Control List (ACL). This ACL controls who can do what to the share in question. There are three levels of share permissions, as described in Table 11-1.

Table 11-1. Share Level Permissions

Permission

Characteristics

Read

Allows users to view files; also lets users execute programs in the shared folder.

Change

Allows users to change the data in a file. This includes the ability to delete a file within a share, so be judicious about who has Change permission.

Full Control

Allows full access to the shared folder, including all permissions from Change; allows users to change permissions on the share.


For each of these three permissions, you set one of two conditions, called Allow and Deny. Allow grants the specific permission to a shared resource, and it is the default selection for a permission setting. Deny explicitly blocks the permission and supersedes Allow settings. The Deny condition adds another layer of complexity to shared resources and therefore should be used sparingly. For example, it is possible to Deny Read access for resources while allowing Change access. The result would be a folder in which a user could delete a file that he or she could not read. I can't even think of an example where you would want this.

If you don't want someone to change a file, just don't grant that person the Change permission in the first place. Under most circumstances, there's very little reason to use the Deny setting.

You access the share's ACL by clicking the Permissions button on the Sharing tab. You will see the dialog box shown in Figure 11-6.

Figure 11-6. The share-level Access Control List.


Notice that the Everyone group is automatically added to the Access Control List when the folder is shared. Furthermore, this group, which includes, well, everyone, has the Read permission to the shared folder.

To add entries to the ACL, click the Add button and then type the name of the user or group you want to add. In the example in Figure 11-6, I've added another user to the list (The Dude) and given this user Full Control to the folder.



Spring Into Windows XP Service Pack 2
Spring Into Windows XP Service Pack 2
ISBN: 013167983X
EAN: 2147483647
Year: 2004
Pages: 275
Authors: Brian Culp

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net