confusing file sharing in windows

[ilyas001]

hello guys i understand the principles of file permission and inherited permissions but  what confuses me is the sharing , i know that before being able to share a file both the local permissions and the sharing permissions get compared and see if the user will be able to see or use or modify the file but before all of this during the advanced sharing configuration when you have the option to choose permission , there is a default group names everyone that i don't seem to be able to suppress ,  then i can add new groups or members so my question here is why would i add anybody if i have already everyone selected  ? also it seams that i can't take of everyone from the  selection so if i add a user or a group will they follow the everyone group or the new user,groups permissions ?

[ilyas001]

hi guys of you don't understand the question i can be more specific with a screenshot or something

[vaiwalker]

well if you have over a hundred people and are lazy to assign different groups with different permissions, using the everyone group is easier. additional groups maybe, if you have fewer users like in a house, and you can assign different permissions

[ilyas001]

10 hours ago, vaiwalker said:

well if you have over a hundred people and are lazy to assign different groups with different permissions, using the everyone group is easier. additional groups maybe, if you have fewer users like in a house, and you can assign different permissions

what i was searching for is more of answer about if for exemple i add a user let's name it ilyas who have read and modifie, then everyone who can only read , then admins who have full control now does admins and ilyas cont in the everyone anymore ? my whole confusion is with which permissions are gonna be used in this case , also if i don't add admins will they still have full access or not . i'm really trying this at home but i have problems with file sharing itself and i'm waiting for a answer from Microsoft .  thanks

[vaiwalker]

as long as they don't have their name specifically added in the folder options 'security' tab, they belong in 'everyone' i guess. lets say you have a shared folder with permissions for everyone - read only, ilyas - read and modify, admin - full control. a guest is in your house and connects to your shared folder on your pc using their pc, they belong in everyone since their account name is not set yet, therefore they can only read files from the folder. but if you add their name in, lets say into the admin group, they will have admin privileges cuz their user name is recognized by your pc, they can however create another user account in their pc and access the shared folder and will fall under 'everyone'. so as long as they are in a recognized group, the permissions will be applied to their user name. but if they pc can't recognize the user, its's classified as everyone.  

[ilyas001]

16 hours ago, vaiwalker said:

as long as they don't have their name specifically added in the folder options 'security' tab, they belong in 'everyone' i guess. lets say you have a shared folder with permissions for everyone - read only, ilyas - read and modify, admin - full control. a guest is in your house and connects to your shared folder on your pc using their pc, they belong in everyone since their account name is not set yet, therefore they can only read files from the folder. but if you add their name in, lets say into the admin group, they will have admin privileges cuz their user name is recognized by your pc, they can however create another user account in their pc and access the shared folder and will fall under 'everyone'. so as long as they are in a recognized group, the permissions will be applied to their user name. but if they pc can't recognize the user, its's classified as everyone.  

ahh ok so the everyone option is here to make sure even if a new user is here who isn't registered still can have access without the need to create a new account for him , but is this the same for servers too ? because you are talking of a local home scenario , if we talk domains rather then workgroups , is it still relevant ?

[vaiwalker]

sort of the same actually, just that the home environment has much less users. in a domain environment, there are usually GROUPS, due to the high number of users and to ease manageability for administrators. so a system administrator creates a group, and dumps all the users belonging to that group in there. they create various groups. lets say in an office, there could be sales, finance, designers, I.T and etc. so the administrator does this all from the server, he creates the groups with relatable permissions, makes folders in the network, and assigns the appropriate groups to the appropriate folders. so people from each sector can only access folders that they have permission for. like he creates a finance folder, and adds the finance group to that folder's permissions, everyone in the finance group will have whatever access to the finance folder, others wont be able to access it. so normally, 'everyone' is not included in a domain environment. it's there in the list, but usually with all the options unchecked. 

[ilyas001]

17 hours ago, vaiwalker said:

sort of the same actually, just that the home environment has much less users. in a domain environment, there are usually GROUPS, due to the high number of users and to ease manageability for administrators. so a system administrator creates a group, and dumps all the users belonging to that group in there. they create various groups. lets say in an office, there could be sales, finance, designers, I.T and etc. so the administrator does this all from the server, he creates the groups with relatable permissions, makes folders in the network, and assigns the appropriate groups to the appropriate folders. so people from each sector can only access folders that they have permission for. like he creates a finance folder, and adds the finance group to that folder's permissions, everyone in the finance group will have whatever access to the finance folder, others wont be able to access it. so normally, 'everyone' is not included in a domain environment. it's there in the list, but usually with all the options unchecked. 

thanks dude