Am 28.01.21 um 10:31 schrieb Rowland penny via samba:> On 28/01/2021 09:11, Matthias Leopold via samba wrote:
>>
>> Thanks.
>> Is it correct, that "Full Control" for "Everyone"
is needed in a
>> shares permissions when the Domain Administrator wants to access it
>> (and is mapped to root in "username map")?
>
>
> Yes, but more importantly, if you do not have 'Everyone' set on the
> share tab (which, as far as I can see, is the default) then your users
> will not be able to access the permissions. Unless you have a valid
> reason to alter the share tab (and I cannot think of one), leave it
> alone, this is one of the mistakes that a lot of people make, they alter
> the share tab.
Then why bothering with granting SeDiskOperatorPrivilege when share
permissions shall not be modified at all (this was my original question)?
>
>
>> If Yes: Shall "Full Control" for "Everyone" be the
permanent setting
>> for a share permissions in this case or shall it only be added when
>> needed?
>> Maybe all this is obvious to other people, I'm somehow missing a
piece
>> here in understanding how share permissions are meant to be configured.
>
> The problem is that Microsoft called the tab that you might need to
> modify 'security', a better name would have been 'NTFS
permissions'.
>
I know that the settings in "Security" are essential. I always aimed
at
configuring the correct combination of "Share permissions" and
"Security". There are instructions in the Microsoft docs about this.
Matthias