I just took over this server and I need some help sorting out some file shares/ntfs permissions. I don't quite understand what the guy who set it up was doing and I'm hoping someone can figure out the logic of these permissions. This server is not on a domain and all groups are local. Share Permissions: Shared_SP_Read (Group) - Full Control Shared_SP_Write (Group) - Full Control NTFS Permissions: Administrators - Full Control Authenticated Users - Modify Shared_SP_Read (Deny) - Delete Subfolders and Files/Delete Shared_SP_Read (Allow) - Everything is checked except Full Control, Delete Subfolders and Files, and Delete Shared_SP_Write - Full Control System - Full Control Users - Read & Execute Why would you create a group obviously designed for read access, give it full control and then deny portions of it? Why not just Read & Execute? Why create a write group and then set it to Full Control? It seems to me that there should be one group for read with Read & Execute, one group for write with Modify, and one group for Full Control. With the Administrators and System groups added with Full Control. Your thoughts and comments are appreciated!

Hello, you have to ask the guy setting this up about the thoughts. If a security group has R&E then they are no able to delete anything. So it makes no sense for me also to configure the Deny option.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.