NTFS permission, local users and share permissions confusion

-

for years now, work, file servers have shares "domain\authenticated users" change permissions on them. ntfs permissions set per security group (and in cases specific users if need be).
works great, specific groups or users can access share (and whatever allowed according ntfs permissions).

here @ home i'm playing hyper-v free 2016 tp3, , created share storing iso files.
wanting use more powershell used new-smbshare cmdlet create share.
microsoft still uses share permissions, instead of authenticated users more secure imo, surprise able access share using domain user. couldn't write, read.

after digging around, found out server's local users group has domain users in it's list.
reading old links why still doesn't make clear me why domain users should part of local users group of server. sounds silly me.

the fileservers @ work aren't old. server 2012, i've administered them same way in 2008 r2 , 2003. can't remember ever seeing local users filled domain users security group.

have missed in past years, or supposed let go of ntfs permissions , use share permissions instead?
latter sound dangerous me in case share gone, whatever reason, , have no clue permissions users/groups. that's why on ntfs side.

hope can shed light on one, , i'm missing here.

hi,

from article, domain users in local users group default. applies earlier operation systems well:

https://technet.microsoft.com/en-us/library/cc785098(v=ws.10).aspx

users:

members of group can perform common tasks, such running applications, using local , network printers, , locking server. users cannot share directories or create local printers. by default, domain users, authenticated users, , interactive groups members of group. therefore, user account created in the domain becomes member of group.

as not have there, can set policy remove group local users group.

please remember mark replies answers if , un-mark them if provide no help. if have feedback technet support, contact tnmff@microsoft.com.




Windows Server  >  File Services and Storage



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more