7.3 Shared Folder Permissions
Shared folder permissions apply to folders, not individual files. Since you can apply shared folder
permissions only to the entire shared folder, and not to individual files or subfolders in the shared folder,
shared folder permissions provide less detailed security than NTFS permissions.
Shared folder permissions are only applied to users who connect to the folder over the network and not to
users who gain access to the folder at the computer where the folder is stored.
Shared folder permissions can secure network resources on a FAT or FAT32 volume, on which you cannot
implement NTFS permissions.
The default shared folder permission is Full Control, and it is assigned to the Everyone group when you
share the folder.
TABLE 7.3: Shared Folder Permissions
Allows the user to
Display folder names, filenames, file data, and attributes; run
program files; and change folders within the shared folder.
Create folders, add files to folders, change data in files, append data
to files, change file attributes, delete folders and files, plus, it allows
the user to perform actions permitted by the Read permission.
Change file permissions, take ownership of files, and perform all
tasks permitted by the Change permission.
You can also allow or deny shared folder permissions. Applying shared permissions to user accounts and
groups affects access to a shared folder. Denying permission takes precedence over the permissions that you
Note: Multiple Shared Folder Permissions Combine: A user's effective
permissions for a resource are the sum of the Shared Folder permissions
that you assign to the individual user account and to all of the groups to
which the user belongs. In other words, if a user has Read permission for a
folder and is a member of a group with Change permission for the same
folder, the user has both Read and Change permissions for that folder.
Note: Denying Shared Folder Permissions Overrides Other Permissions:
Denied permissions take precedence over any permissions that you may
have granted the user accounts and groups. If you deny a shared folder
permission to a user, the user will not have that permission, even if you
allow the permission for a group of which the user is a member.
Note: NTFS Permissions Are Also Required On NTFS Volumes: Shared
folder permissions can be used to grant users access to files and folders on a
FAT or FAT32 volume but not on an NTFS volume. On a FAT or FAT32
volume, you can grant users access to a shared folder as well as all of the
files and subfolders contained in the shared folder. To grant users access to a
shared folder on an NTFS volume, you must grant them the shared folder
permission and the appropriate NTFS permissions for each file and folder
that you want them gain access to.
Note: Copied or Moved Shared Folders Are Not Shared: When you copy a
shared folder, the original shared folder is still shared, but the copy is not
shared. When you move a shared folder, it is no longer shared.