PC Help Jansant - Windows 2000 Local NTFS Permissions Guide
Main Menu
Home Page
Computer Guides
Computer Dictionary
Network Setup
Tips and Tricks
Internet Guide
Freeware/Shareware
PC Upgrade Guide
PC Maintenance
Support Forum
HTML Guide
Windows 2000 Local NTFS Permissions
Local NTFS permissions are only available if you are using the NTFS file
system, they are not available if your using the FAT filing system. File
permissions are configured within the "Properties" sheet of
a file, select the "Security" tab. These permissions include
"Full Control", "Read & Execute", "Modify",
"Read", and "Write". These file permissions are made
up of individual permissions group together to make administration easier.
If you assign the permission "Modify" you have actually given
that file a group of permissions. File permissions will impact that file
only. See table below. Local NTFS permission are applied to users on the
local machine.
|
Special Permission |
Full Control |
Modify |
Read & Execute |
Read |
Write |
|
Traverse Folder, Execute File |
X |
X |
X |
|
|
|
List Folder, Read Data |
X |
X |
X |
X |
|
|
Read Extended Attributes |
X |
X |
X |
X |
|
|
Read Attributes |
X |
X |
X |
X |
|
|
Create Folders, Append Data |
X |
X |
|
|
X |
|
Create Files, Write Data |
X |
X |
|
|
X |
|
Write Attributes |
X |
X |
|
|
X |
|
Write Extended Attributes |
X |
X |
|
|
X |
|
Delete Subfolders and Files |
X |
|
|
|
|
|
Delete |
X |
|
|
|
|
|
Read Permissions |
X |
X |
X |
X |
X |
|
Take Ownership |
X |
|
|
|
|
|
Change Permissions |
X |
|
|
|
|
|
Synchronise |
X |
X |
X |
X |
X |
Note: Extended attributes are generated by programs and differ from
system attributes.
Folder permissions are again set via the "Properties" sheet
of the folder by selecting the "Security" tab. Folder permissions
have an additional special permission "List Folder Contents".
Folder permissions include "Full Control", "Read &
Execute", "List Folder Contents", "Read", and
"Write". Again these are groupings of individual permissions.
Folder permissions can impact the permissions of files and subfolders
within it. See table below.
|
Special Permission |
Full Control |
Modify |
Read & Execute |
List Folder Contents |
Read |
Write |
|
Traverse Folder, Execute File |
X |
X |
X |
X |
|
|
|
List Folder, Read Data |
X |
X |
X |
X |
X |
|
|
Read Attributes |
X |
X |
X |
X |
X |
|
|
Read Extended Attributes |
X |
X |
X |
X |
X |
|
|
Create Folders, Append Data |
X |
X |
|
|
|
X |
|
Create Files, Write Data |
X |
X |
|
|
|
X |
|
Write Extended Attributes |
X |
X |
|
|
|
X |
|
Write Attributes |
X |
X |
|
|
|
X |
|
Delete Subfolders and Files |
X |
|
|
|
|
|
|
Delete |
X |
X |
|
|
|
|
|
Read Permissions |
X |
X |
X |
X |
X |
X |
|
Change Ownership |
X |
|
|
|
|
|
|
Synchronise |
X |
X |
X |
X |
X |
X |
|
Take Ownership |
X |
|
|
|
|
|
NTFS folder and file permissions are set simply by allowing or denying.
A users effective permission to a file or folder is the accumulation of
all the permissions the user has. The exception to this is the Deny permission.
If the user has the Deny permission or as a result of being a member of
a group has the Deny permission, this overrides all other permissions.
If the user has both an NTFS permission and a share
permission applied to the same object, the most restrictive applies.
You can set individual permissions rather than the grouping of permissions
by clicking the "Advanced" tab in the folder or file "Properties"
sheet. Left click the "Advanced" button near the bottom left
of the "Security" tab, highlight the user you wish to further
control and select View/Edit.
The table below explains what each folder or file permission allows or
doesn't allow.
|
Traverse Folder, Execute File |
Allows or denies browsing through folders to reach other files or folders. |
|
List Folder, Read Data |
List folder allows or denies viewing file or subfolder names. Read data allows or denies reading data in a file. |
|
Read Attributes |
Allows or denies viewing the attributes of a file or folder. |
|
Read Extended Attributes |
Allows or denies viewing the extended attributes of a file or folder. |
|
Create Folders, Append Data |
Create folders allows or denies creating folders within a folder. Append data allows or denies appending new data to a file without changing existing data in a file. |
|
Create Files, Write Data |
Create files allows or denies creating files in a folder. Write data allows or denies appending new data to a file and overwriting existing data in that file. |
|
Write Extended Attributes |
Allows or denies changing extended attributes of a file or folder |
|
Write Attributes |
Allows or denies changing attributes of a file or folder. |
|
Delete Subfolders and Files |
Allows or denies deleting subfolders and files. |
|
Delete |
Allows or denies deleting a file or folder. |
|
Read Permissions |
Allows or denies reading permissions on the folder or file. |
|
Change Ownership |
Allows or denies changing ownership of the file or folder. |
|
Synchronise |
Allows or denies different threads to synchronise with other threads. |
|
Take Ownership |
Allows or denies taking ownership of a file or folder. |
When a user creates a file, they are the owner of the file. An administrator
or many other users for that matter can see who the owner of that file
is.
Permission Inheritance
Files and folders can inherit permissions from their parent object. A
directory in the path of D:\alldata, D:\ would be the parent object. If
you wish to create permissions for the alldata directory that are different
to the parent object D:\ untick "Allow inheritable permissions from
parent directory to propagate to this object". Consider this very
carefully as important permissions may have already been inherited from
the parent object. This could especially be the case with system and program
files and folders.
Adding users and groups, adding users
to groups.
Web-Site Administrators Local Time
Subscribe
Now - to PC Help Jansant for Special Offers on Software and Hardware
feedback - terms of use - contact - sitemap - advertise - webmasters
©PC Help Jansant