Can I share folders on a LAN using NTFS alone?

windows-10 ntfs file-permissions windows-7 network-shares

Solution 1:

NTFS, like ext4, are partition file systems. They only operate on the local computer. You need to “share” a folder in order to make it accessible outside the local computer.

Further to that, when sharing via Windows (or Samba), the share permissions also apply. If you’re granted access via the share, you still need access via the underlying file system’s security.

Solution 2:

The confusion is caused by your using old and new Microsoft documentation, where both are badly worded.

NTFS has a permissions model, while the ancient FAT32 does not.

In NTFS, files/folders can have permissions. A network share can also have permissions. But one does not imply the other, as both are entirely separate.

To access a file folder residing in a network share for an NTFS file-system, two checks are done, in order:

  1. Network check : To verify if the presented network credentials have the necessary access permissions to the share. And if they pass -
  2. NTFS check : Windows verifies the NTFS permissions needed for accessing the file or folder.

Both checks need to succeed in order to gain access.

(I note that deleting administrative shares has nothing to do with the above. It might be a good idea (or bad one, depending) if your local network environment is hostile.)

Solution 3:

You ask two questions, so there are two answers:

In a Windows NTFS only environment, if I wanted to use NTFS alone to share folders on a LAN, could I do that?

No. NTFS is only a disk layout and not a network protocol. You will always need something like SMB (built-in Windows file sharing) or SFTP to make the files accessible over the network.

The sentences in bold are confusing. Fos instance, if Share permissions are often used for managing computers with FAT32 file systems does this not imply that, in a NTFS-only environment, I don't need Share permissions and I can rely on NTFS permissions only?

Yes. Share permissions are optional to use – you can just set them to "Everyone: Full control" at share level. (NTFS permissions will always be honored, and access is only granted if both mechanisms allow it.)

More or less, SMB share permissions only exist because they already existed in Windows 98 (e.g.), which did not have NTFS nor filesystem level permissions.

with the exception of one answer, which seems to suggest it is possible to use NTFS only:

It does not suggest that! It suggests that it is possible to use NTFS permissions only (instead of SMB share-level permissions), but it does not say anything about NTFS performing all the other functions of SMB, namely, actual network communications.

Solution 4:

You seem to be asking this question:

Can I access files on ComputerA from ComputerB without sharing them because the files are on NTFS?

The answer is no.

A caveat is that Windows generally has administrative shares accessible for drives such as \\mycomputer\c$ for the C: drive available to administrators without you having to manually create a share, but the files are really 'being shared' and you're using shares (just built-in ones) so that doesn't count.

The sharing (including administrative shares) is what allows access from other computers. NTFS is just a file system organizing data on your hard drive. When you want to connect to Computer A from Computer B, it needs to connect over the network. That process is called sharing.

A lot of what you are linking to seems to be about permissions. NTFS has a built-in permissions system while FAT32 does not. So if you use FAT32 the only protection you have is by controlling who has access to the share.

Let's call you 'Alice' and your computer 'ComputerA' and your friend 'Bob' and his computer 'ComputerB'. On your ComputerA you have a drive D: that is FAT32 and these directories:

  • D:\Data\Public - things you want to share with Bob
  • D:\Data\Private - things you don't want Bob to see

If you want to keep Bob from seeing the Private folder then you must not give him access to any share containing that folder. You could share the Public folder with access for Everyone and share the Private folder restricting access to your own account. If you shared the Data folder with Bob then there's nothing keeping him from looking in the Private folder because FAT32 lacks permissions.

If you are using NTFS however, you can use the NTFS permission model to protect the Private directory so only your account has access. Now you can just create a 'Data' share for both you and Bob. If you restrict access to the Private folder using NTFS permissions, Bob will be able to see that it exists, but not access it. You can use the same share and access the Private folder because your user has permissions.

Related

Why BitTorrent uploads simultaneously? [duplicate]
How do I stop the "configuring Visual Studio..." message when opening Microsoft Office applications?
How to use new std::byte type in places where old-style unsigned char is needed?
Routing App Coverage File [closed]
What does it mean http request body?
Add subdirectory of remote repo with git-subtree
Git .gitignore to ignore only folder in root directory
Converting video to HTML5 ogg / ogv and mpg4 [closed]
Can you install a standalone TFS client that doesn't need Visual Studio?
How do I exclude types and methods from being covered by dotCover in TeamCity?
NSAssert vs. assert: Which do you use, and when?
What is /var/www/html? [closed]