I'm getting rather confused as to why there seem to be 3 different places to configure folder sharing in SBS. They don't always seem to be dumbed down interfaces to each other, so which one works?
One, I can right click a folder and choose "Share With.. Specific People.." and choose the people, I don't get to choose the share name. This seems to be another way to access the simplistic file sharing found in File/Folder-Right-Click.. Properties.. Sharing tab.. 'Network File and Folder Sharing'
Two, I can go to the SBS console "shared folders" and set up or configure folders to share. I get a simple interface and I cannot configure permissions very easily. I have a share in here that is appearing seemingly by virtue of the fact that I shared a folder with Method One, but the permissions it shows me are not the permissions I chose in method one. This interface is also massively simplistic
Three, I can Right Click a File/Folder, Sharing tab, Advanced Sharing, give it some names (which at least seems that the share name autoconfigured by the other two can be edited here, and I can click Permissions and find an advanced view of the permissions I set up in method Two..
Can someone clue me into the wisdom here.. which one of these permission sets takes precedence? What if theyre set different? what benefit does such an arrangement have? Method Two, curiously, seems to share folders and also set NTFS file permissions such that if someone ISN'T in the list of allowed accessors/readers/writers, they can at least get into the folder and list the contents of anything they are allowed to touch.. this has an advantage in that I could configure a folder for each business department that has a public subfolder, and any other dept can get in, and drop something in the public folder for a department, but cannot access the private folders therein.. but how is it working? The two share areas will show: (Basic: Accounts Read/Write) (Advanced: Everyone FullControl) so how can a non-accounts user still get into the folder, but see nothing? What's the share permission that is granting access there?
And more pressing questions: So lets suppose I've settled on Method Two, and my permissions are set so that the accounts team (a security group) only, can access accounts share.. Now suppose a new guy joins accounts, so i make him a user account,
add him to the accounts team group.. and he still gets access denied on accounts. How do I trigger a refresh.. surely this access should be checked every time a file is requested and any changes I make to security, shares, group membership etc, should be on
the fly?
It seems, sometimes that the new guy can get in if he restarts his PC.. but is this honestly how large entrprises are managed? "Yes, I've updated your permissions on the server - you have to reboot to get into them" - it's not even logical to have a client
reboot influencing a server accept or deny?
Thanks