When you share a folder with Everyone, you seem to have unexpected results

Applies to: Windows 7 Home BasicWindows 7 Home PremiumWindows 7 Professional

Symptoms


Consider the following scenario. To try to share a folder with Everyone and apply Read permissions to the folder, you follow these steps:
  1. Right-click the folder, and then click Properties.
  2. Click the Sharing tab, and then click Share to open the File Sharing dialog box.
  3. In the File Sharing dialog box, type Everyone in the box, and then click Add. By default, Read permissions are applied for the Everyone object.
  4. Click Share, and then click Done.
After you follow these steps, you expect that the folder is shared with Everyone and that Read permissions are applied. To verify this, you follow these steps:
  1. Right-click the folder, and then click Properties.
  2. Click the Sharing tab, and then click Advanced Sharing to open the Advanced Sharing dialog box.
  3. The Advanced Sharing dialog box may show the permissions as Full Control for Everyone.
This scenario may be confusing because you might expect to see Read permissions in this dialog box. This scenario is more likely to occur when you share a folder for which sharing permissions are not already configured. For example, the scenario does not occur for a folder that is a subfolder in the user's profile, such as a folder on the desktop.

Cause


This issue occurs because the File Sharing dialog box and the Advanced Sharing dialog box show different sharing settings that are based on different security descriptors. These dialog boxes operate on, and return information from, different security descriptors. This issue does not create a security vulnerability because the effective security permissions are the most restrictive combination of the descriptors. Therefore, in this scenario, the effective permissions are Read for Everyone.