Shared Folder Permissions

Definition of shared folder permissions in Network Encyclopedia.

What are shared folder permissions?

In Microsoft Windows, shared folder permissions are a set of permissions that can be assigned to a shared folder to control access by users and groups on the network. Shared folder permissions can be applied only to the entire shared folder, not to its files and subfolders.

If you want to control access to individual files and subfolders within a network share, you can use the more granular NTFS permissions on Windows NT and Windows 2000. In addition, shared folder permissions are effective only when a user accesses the folder over the network.

If a user can log on locally to the console of the computer where the share is located, that user can always access the contents of the shared folder regardless of the shared folder permissions set (unless the folder is on an NTFS volume and the NTFS permissions restrict the user from accessing the resource).

Finally, shared folder permissions are the only way to secure network resources that are stored on FAT volumes.

If a user belongs to two or more groups, and these groups have different permissions on a given share, the user’s ability to access the folder over the network can be calculated by two rules:

  • The effective permission is the least restrictive (most permissive) permission, as in this example: read + change = change permission
  • No access or deny access overrides all other permissions, as in this example: read + no access = no access
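
The two rules above, worked through as an added Python example (not part of the original article). The names SharePerm and effective_share_permission, the sample ACLs, the implicit Everyone membership, and treating "no matching entry" as no access are assumptions of this model.

```python
from enum import IntEnum

class SharePerm(IntEnum):
    """Share permissions ordered from least to most permissive."""
    NO_ACCESS = 0      # "No Access" in NT 4.0; models an explicit deny
    READ = 1
    CHANGE = 2
    FULL_CONTROL = 3

def effective_share_permission(acl, user, groups):
    """Return (permission, deciding_entries) for a network connection.

    acl is a list of (principal, SharePerm) entries on the share; groups
    are the groups the user belongs to. Local logons are not covered,
    because share permissions apply only to access over the network.
    """
    # Model assumption: every account is also a member of Everyone.
    principals = {g.lower() for g in groups} | {user.lower(), "everyone"}
    matching = [(p, perm) for p, perm in acl if p.lower() in principals]

    # Rule 2: No Access on any matching entry overrides all grants.
    denies = [e for e in matching if e[1] == SharePerm.NO_ACCESS]
    if denies:
        return SharePerm.NO_ACCESS, denies
    # Model assumption: no matching entry means nothing grants access.
    if not matching:
        return SharePerm.NO_ACCESS, []
    # Rule 1: otherwise the least restrictive matching grant wins.
    best = max(perm for _, perm in matching)
    return best, [e for e in matching if e[1] == best]

# Constructed sample ACLs; group and user names are illustrative.
DEFAULT_ACL = [("Everyone", SharePerm.FULL_CONTROL)]
HARDENED_ACL = [
    ("Auditors", SharePerm.READ),
    ("Domain Users", SharePerm.CHANGE),
    ("Administrators", SharePerm.FULL_CONTROL),
    ("Contractors", SharePerm.NO_ACCESS),
]

if __name__ == "__main__":
    users = {"alice": ["Auditors", "Domain Users"],
             "bob": ["Auditors", "Contractors"],
             "guest": []}
    for label, acl in (("default", DEFAULT_ACL), ("hardened", HARDENED_ACL)):
        for user, groups in users.items():
            perm, why = effective_share_permission(acl, user, groups)
            print(f"{label:8} {user:6} {perm.name:12} decided by {why}")
```

Returning the deciding entries alongside the result shows which group membership produced a user's access, which is what needs reviewing when an account ends up with more access than intended.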

How Shared Folders Work

Windows 95, Windows 98, Windows NT, and Windows 2000 each have different mechanisms for assigning shared folder permissions for users and groups. The following tables show the permissions for each of these operating systems and list what the permissions allow users to do.

Windows 95 and Windows 98 Shared Folder Permissions

Permission / What It Allows Users to Do

Read-Only Access Rights
  • List names of folders and files
  • Browse hierarchies of folders
  • Display the contents of folders and files
  • Run executable files

Full Access Rights
  • Create and delete folders
  • Add files to folders
  • Create, modify, and delete files
  • Change file attributes
  • (Includes read permissions)

Custom Access Rights
Depending on the options specified, allows users to perform the following actions:
  • Read files
  • Write to files
  • Create files and folders
  • Delete files
  • Change file attributes
  • List files
  • Change access control

Figure: The Change Access Rights dialog box in Windows 95 and Windows 98.

Windows NT 4.0 Shared Folder Permissions

Permission / What It Allows Users to Do

No Access
  • Connect to a share without viewing its contents

Read
  • List names of folders and files
  • Browse hierarchies of folders
  • Display the contents of folders and files
  • Run executable files

Change
  • Create and delete folders
  • Create, modify, and delete files
  • Change file attributes
  • Includes read permissions

Full Control
  • Take ownership of files on NTFS volumes
  • Change file permissions on NTFS volumes
  • Includes read and change permissions

Figure: The Access Through Share Permissions dialog box in Windows NT 4.0.

Windows 2000 Shared Folder Permissions

Permission / What It Allows Users to Do

Read
  • List names of folders and files
  • Browse hierarchies of folders
  • Display the contents of folders and files
  • Run executable files

Change
  • Create and delete folders
  • Add files to folders
  • Create, modify, and delete files
  • Change file attributes
  • Includes read permissions

Full Control
  • Take ownership of files on NTFS volumes
  • Change file permissions
  • Includes read and change permissions

Figure: Permissions dialog box in Windows 2000.

Default shared folder permissions

When you first share a folder in Windows NT and Windows 2000, the default permissions are Full Control for the Everyone group. You should remove this default permission and assign more appropriate permissions to the share, such as Change permission for Domain Users and Full Control for Administrators.

When you assign permissions to shared folders, use group accounts instead of user accounts in order to simplify administration. Give users the most restrictive permissions that still enable them to perform the necessary tasks on the files in the share.
