Microsoft Certified Professional Developer/Exam 70-290: Managing and Maintaining a Microsoft Windows Server 2003 Environment/Configure File System Permissions
Jump to navigation
Jump to search
This page is still UNDER CONSTRUCTION |
NTFS Permissions[edit | edit source]
NTFS Permissios are used to control who has access to files and folders, and what they can do with them.
- They can only be used on NTFS volumes (not FAT or FAT32)
- They apply whether the files and folders are accessed locally or over a network
- Note: Share permissions only apply to network access and cannot be used to control local access
Standard NTFS Folder Permissions[edit | edit source]
Permission | Allows the following... |
---|---|
List Folder Contents | See the names of subfolders and files within the folder |
Read | View files and subfolders within the folder, view attributes (e.g. Hidden, Read Only) and view permissions |
Read & Execute | Grants the same permissions as Read and List Folder Contents, and also allows you to move through folders to reach other files, even if you do not have permission for those folders |
Write | Create new subfolders and files within the folder, change attributes and view folder ownership and permissions
Does not grant any Read permissions! |
Modify | Grants the same permissions as Read & Execute and Write, and also allows you to delete the folder |
Full Control | Grants the same permissions as Modify, but also allows you to delete or take ownership of the folder, subfolders and files |
Standard NTFS File Permissions[edit | edit source]
Permission | Allows the following... |
---|---|
Read | Read the contents of the file, view attributes (e.g. Hidden or Read Only) and view permissions |
Read & Execute | As for Read, but also allows you to run applications |
Write | Overwrite the file, change attributes, view file ownership and permissions |
Modify | As for Read and Write, but also allows you to delete the file |
Full Control | As for Modify, but also allows you to change permissions and take ownership |
Special NTFS Permissions[edit | edit source]
Comparison of NTFS Permissions[edit | edit source]
Permissions Inheritance[edit | edit source]
By default, permissions for subfolders and files are inherited from the parent folder. You can prevent files and folders from inheriting permissions:
- Right-click a file or folder
- Choose Properties
- Go to the Security tab and click the Advanced button
- This will open the Advanced Security Settings dialog box
- Untick the "Inherit from parent..." checkbox at the bottom
- At this point you can either copy the permissions from the parent folder (in order to modify them), or clear all permissions from the selected file or folder (in order to set new permissions from scratch)
Effective Permissions[edit | edit source]
Generally, when a user is a member of more than one group which has permissions set on a file or folder, their effective permissions on that object are the sum of the permissions assigned to them. However, there are a few additional rules to take into account:
- Deny permissions override Allow permissions
- File permissions override Folder permissions
- Explicit permissions override Inherited permissions
The order of precedence for permissions is:
- Explicit Deny overrides
- Explicit Allow overrides
- Inherited Deny overrides
- Inherited Allow