Peters MCSA Study Guide NTFS File & Folder Permissions

NTFS File & Folder Permissions

NTFS folder permissions

NTFS security treats files and directories as objects. Each file or directory has an ACL, and users or groups can be given permission to access it.. FAT partitions do not support security.

To modify permissions for a file or directory, right-click on it in Explorer. Select the Security tab, then click the Permissions button to display the Permissions dialog.

Standard NTFS Folder Permissions
Folder Permission	Description
Read	View contents of folder and view its permissions, attributes, and ownership
Write	Create new files and folders in the folder, modify its attributes, and view its permissions, attributes, and ownership
List Folder Contents	View contents of folder only
Read & Execute	Go into subfolders within the folder plus do everything Read and List Folder Contents permissions allow
Modify	Delete the folder and do everything Read & Execute and Write permissions allow
Full Control	Take ownership, modify permissions, and do everything that Modify permission allows

NTFS FILE & FOLDER PERMISSIONS

NTFS file permissions

Standard NTFS File Permissions
File Permission	Description
Read	Open the file and view its permissions, attributes, and ownership
Write	Modify the file, modify its attributes, and view its permissions, attributes, and ownership
Read & Execute	Execute the file, plus do everything Read permission allows
Modify	Delete the file and do everything Read & Execute and Write permissions allow
Full Control	Take ownership, modify permissions, and do everything Modify permission allows

Multiple NTFS Permissions

If a user is a member of more than one group that is assigned rights to a file or a directory, those rights added together make up his effective permissions.

All NTFS file permissions are added together except when a deny is encountered. DENY wipes out all other occurrences of the permission

Special Permissions

These permissions give administrators the highest degree of control over how users can access files and folders stored on NTFS volumes. By selecting different sets of special permissions, administrators can create custom permissions for files or folders that need special access control.

NTFS FILE & FOLDER PERMISSIONS

The 18 NTFS special permissions.

NTFS Special Permissions for Files and Folders
Special Permission	Description
Folders Only
Traverse Folder	Lets you go into the folder to other files and folders, even if you have no permissions on intermediate subfolders
List Folder	Lets you view the names of subfolders and files in the folder
Create Files	Lets you create files in the folder
Create Folders	Lets you create subfolders within the folder
Files Only
Execute File	Lets you execute the file
Read Data	Lets you read the file
Write Data	Lets you modify the file
Append Data	Lets you append to the file (you cannot modify existing data, only append)
Both Folders and Files
Read Attributes	Lets you view the attributes of the file or folder (attributes include Read-only, Hidden, System, and Archive)
Read Extended Attributes	Lets you view custom attributes that may be defined by certain applications for the file or folder
Write Attributes	Lets you modify the attributes of the file or folder
Write Extended Attributes	Lets you modify custom attributes that may be defined by certain applications for the file or folder
Delete Subfolders and Files	Lets you delete subfolders or files
Delete	Lets you delete the file or folder (even if this permission is denied on a file, you can delete it if its parent folder has been granted Delete Subfolders and Files permission)
Read Permissions	Lets you view the permissions on the file or folder
Change Permissions	Lets you modify the permissions on the file or folder
Take Ownership	Lets you take ownership of the file or folder
Synchronize	Lets threads in multithreaded programs wait on the file or folder handle and synchronize with another thread that signals it

File Permissions as Combinations of Special Permissions
Special Permission	Read	Write	Read & Execute	Modify	Full Control
Read Data	YES		YES	YES	YES
Read Attributes	YES		YES	YES	YES
Read Extended Attributes	YES		YES	YES	YES
Read Permissions	YES	YES	YES	YES	YES
Synchronize	YES	YES	YES	YES	YES
Write Data		YES		YES	YES
Append Data		YES		YES	YES
Write Attributes		YES		YES	YES
Write Extended Attributes		YES		YES	YES
Execute File			YES	YES	YES
Delete				YES	YES
Delete Subfolders and Files					YES
Change Permissions					YES
Take Ownership					YES

File Permissions Versus Folder Permissions

Microsoft has grouped these special permissions into two different sets: folder permissions, for securing folders and their files and subfolders, andfile permissions, for securing individual files within folders (and overriding folder permissions).

Home Page	Subnets and Subnet Masks	NTFS File & Folder Permissions
Permissions	Create a Home Folder	Group Policies
DFS & Auditing	Printing	User Profiles
OSI Layers	Network Components	Winnt .exe command prompts
WINS	Create a Roaming Profile	Domain Groups
IP Address Resolution	Interrupt Requests	MCSA Related Freeware Utils
IP Sec	Remote Access	DNS
Sites

Last Updated 21 February, 2004

Please Email [email protected]

Standard NTFS Folder Permissions

Standard NTFS File Permissions

Special Permissions

NTFS Special Permissions for Files and Folders

File Permissions as Combinations of Special Permissions