If the file is accessed locally, only the NTFS permissions are used to determine the user's level of access. If the file is accessed through a share, NTFS and share permissions are both used, and the most restrictive permission applies.
By default, permissions are inherited from a root folder to the files and subfolders beneath it, though this inheritance can be disabled. NTFS permissions take effect regardless of whether a file or folder is accessed locally or remotely.
If a user has Read access to a file, but the user is a member of a group that has Modify access to the same file, the user's effective permission level is Modify. Permissions assigned directly to a particular file or folder (explicit permissions) take precedence over permissions inherited from a parent folder (inherited permissions).
Both sets of permissions can be assigned in the properties window of a file or folder. NTFS permissions are assigned in the Security tab of the properties window, while share permissions are assigned in the Sharing tab by clicking Advanced Sharing, then clicking Permissions.
The rules for determining a user's level of access to a particular file are as follows: If the file is accessed locally, only the NTFS permissions are used to determine the user's level of access. If the file is accessed through a share, NTFS and share permissions are both used, and the most restrictive permission applies.
Windows provides two sets of permissions to restrict access to files and folders: NTFS permissions and share permissions . NTFS permissions are applied to every file and folder stored on a volume formatted with the NTFS file system.
The most important thing to remember about NTFS permissions and share permissions is the manner in which they combine to regulate access.#N#The rules for determining a user's level of access to a particular file are as follows: 1 If the file is accessed locally, only the NTFS permissions are used to determine the user's level of access. 2 If the file is accessed through a share, NTFS and share permissions are both used, and the most restrictive permission applies. For example, if the share permissions on the shared folder grant the user Read access and the NTFS permissions grant the user Modify access, the user's effective permission level is Read when accessing the share remotely and Modify when accessing the folder locally. 3 A user's individual permissions combine additively with the permissions of the groups that the user is a member of. If a user has Read access to a file, but the user is a member of a group that has Modify access to the same file, the user's effective permission level is Modify. 4 Permissions assigned directly to a particular file or folder (explicit permissions) take precedence over permissions inherited from a parent folder (inherited permissions). 5 Explicit Deny permissions take precedence over explicit Allow permissions, but because of the previous rule, explicit Allow permissions take precedence over inherited Deny permissions.
A user's individual permissions combine additively with the permissions of the groups that the user is a member of. If a user has Read access to a file, but the user is a member of a group that has Modify access to the same file, the user's effective permission level is Modify .
Both sets of permissions can be assigned in the properties window of a file or folder. NTFS permissions are assigned in the Security tab of the properties window , while share permissions are assigned in the Sharing tab by clicking Advanced Sharing, then clicking Permissions.
Share permissions are only applied to shared folders. They take effect when a shared folder is accessed across a network from a remote machine. The share permissions on a particular shared folder apply to that folder and its contents.
Explicit Deny permissions take precedence over explicit Allow permissions, but because of the previous rule, explicit Allow permissions take precedence over inherited Deny permissions. Both sets of permissions can be assigned in the properties window of a file or folder.
private data for each user should be kept in their C:Users folder
a user account can belong to only one group at a time
outbound traffic can be throttled and the priority is a number from 0 and 63
by default all users can access Remote Desktop