NTFS Permissions
Planning Permissions
All NTFS file permissions are added together except when a deny is encountered. DENY wipes out all other occurrences of the permission.
Inheritance
By default, permissions on a parent folder are inherited by subfolders and files in that folder.
You can prevent this by unchecking the "allow inheritable permissions" check box.
Every file or folder created on an NTFS volume has an owner. When a user creates a file, the user becomes the owner of that file and can set permissions on it to allow others access to the file. And when a user installs a printer, the user becomes the owner of the printer. Objects in Active Directory also have owners and can be assigned permissions as well.
Ownership cannot be given; it can only be taken. In order to assume ownership of a file or other object, a user needs Take Ownership permission. If the owner grants this permission on a file to another user, that user can then take ownership of the first user's file. Administrators, however, have the power to take ownership of any object that they can manage (essentially anything except system objects).
NTFS permissions are cumulative
If a user is a member of 2 groups and one gives them Read permission to the folder and the other gives them Write permission to the same folder, what is the user’s permission?
The user has both Read and Write!
File v Folder Permissions
If a user has Write permission to a file but only Read permission to the folder the file is in, what is their permission to the file?
Their permission is Write because file permissions override folder permissions.
Denying Permissions
You can deny permissions to a user or group.
Denying a permission overrides all other instances of that permission.
If a user is a member of 2 groups and one denies them Write permission to the folder and the other gives them Write permission to the same folder, can the user write?
No, they can’t.
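The rules above (cumulative allows, deny overriding, file entries taking precedence over folder entries, and the inheritance check box) can be checked against each other with a small Python model. This is an added example, not part of the original notes and not Windows' own access check; the user and group names are constructed, and deciding file versus folder per right is an assumption of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    trustee: str        # user or group the entry applies to
    kind: str           # "allow" or "deny"
    rights: frozenset   # e.g. frozenset({"Read", "Write"})

def ace(trustee, kind, *rights):
    return Ace(trustee, kind, frozenset(rights))

def decide(acl, identities):
    """Combine one ACL: allows from every matching entry add up, any deny wins."""
    allowed, denied = set(), set()
    for entry in acl:
        if entry.trustee in identities:
            (allowed if entry.kind == "allow" else denied).update(entry.rights)
    return allowed - denied, denied

def effective_rights(user, groups, folder_acl, file_acl=None, inherit=True):
    """Rights of `user` on the folder, or on a file in it when file_acl is given."""
    identities = {user, *groups}
    folder_granted, _ = decide(folder_acl, identities)
    if file_acl is None:
        return folder_granted
    file_granted, file_denied = decide(file_acl, identities)
    if not inherit:     # "allow inheritable permissions" unchecked on the file
        return file_granted
    # Assumption: the file's own entries decide first, the folder fills in the rest.
    return file_granted | (folder_granted - file_denied)

if __name__ == "__main__":
    # Constructed ACLs mirroring the three questions in the notes.
    shared = [ace("Sales", "allow", "Read"), ace("Editors", "allow", "Write")]
    print(effective_rights("alice", ["Sales", "Editors"], shared))
    locked = [ace("Contractors", "deny", "Write"), ace("Editors", "allow", "Write")]
    print(effective_rights("bob", ["Contractors", "Editors"], locked))
    folder = [ace("Staff", "allow", "Read")]
    report = [ace("carol", "allow", "Write")]
    print(effective_rights("carol", ["Staff"], folder, report))
    print(effective_rights("carol", ["Staff"], folder, report, inherit=False))
```

With inheritance left on, carol ends up with the folder's Read as well as the file's Write; with it turned off only the file's own entry applies.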