NTFS Basic File and Directory Permissions
Read (R) | Allows you to look at or view files or folders.
Write (W) | Allows you to create a file or folder.
Execute (X) | Allows you to traverse directories, run programs, open files.
Delete (D) | Allows you to delete files or folders.
Change Permissions (P) | Change the permissions on files or folders.
Take Ownership (O) | Take ownership of files or folders.

Share Permissions
No Access | No access, period.
Read | View directories and files, open directories and files, traverse directories, execute program files.
Change | The Read permission plus… add and delete files and subdirectories, modify files and subdirectories.
Full Control | The Change permission plus… modify permissions on files and directories, and take ownership.

NTFS Standard Permissions for Folders
Note: The first set of parentheses indicates the basic permissions on the folder; the second set indicates the basic permissions on the files in the folder.
No Access (None) (None) | No Access, period.
List (RX) | Can view directories, subdirectories and their files, navigate directory structure and view file and directory permissions.
Read (RX) (RX) | View files and subdirectories in a directory, traverse the directory structure, view attributes of files, and view permissions and owner of directories. Allows you to open or execute files and programs.
Add (WX) | Allows you to write files to a directory and its subdirectories. You cannot view subdirectories, or view files in the directory or its subdirectories.
Add and Read (RWX) (RX) | Allows you to add files to a directory, traverse the directory structure, view files in the directory and subdirectories, open files and run programs.
Change (RWXD) (RWXD) | You can read, write, create, delete and modify the directory, subdirectories and files.
Full Control (ALL) (ALL) | The Change permission plus… change folder and file permissions, and take ownership.
Special Directory Access | Assign the individual basic permissions to a folder.
Special Files Access | Assign the individual basic permissions to a file.

NTFS Standard Permissions for Files
No Access | No Access, period.
Read | View files and open a file. You cannot run programs (.exe, .com, .bat, etc.)
Change | You can view, write, create, delete, modify and open the file. You can also run program files.
Full Control | The Change permission plus… change file permissions, take ownership.
Special Access | Assign the individual basic permissions to a file.

Terms
View:
Means to look at. If you can view a file or folder, you can see it.
Open:
If you can open a .doc file, then double clicking on it will open the file in Word. If it is a .txt file, it will open in Notepad. Opening a directory allows you to see the contents of the directory.
Run:
To start a program file. Double clicking on notepad.exe will run or start Notepad.
Traverse:
To move up and down. Navigate a directory and its subdirectories.
Note:
The "Bypass Traverse Checking" right, which is by default assigned to the Everyone group, allows you to traverse a directory structure even if you don't have the Execute (X) directory permission, unless your permissions explicitly don't allow it (for example, the Add permission).

NTFS file permissions for groups add up. If Group A has the Read permission for a directory, and Group B has the Change permission for that same directory, then a person who is in both Group A and Group B will have the Read and Change permissions for that directory. (Effectively, they have the Change permission, since Change includes Read.)

No Access overrides all other permissions. If Group A has the No Access permission for a directory, and Group B has the Change permission for that same directory, then a person who is in both Group A and Group B will have the No Access permission for that directory.

When combining Share permissions and NTFS file permissions, the more restrictive takes precedence.

File permissions override directory permissions. If you have Read permissions for a directory, and in that directory there is a file that your Read permission was removed from, you will not be able to read that file. This will not work with the Delete permission. In the case of Delete, the directory permission takes precedence.

Files and directories inherit permissions from the directory they are created in.

When you copy (or move) a folder that has specifically been shared (rather than just inheriting sharing from its parent), the original remains shared, but the copy is reset to Not Shared. However, if you copy the folder to a drive or folder that is shared, it will inherit the sharing setting of its new parent location.

When you copy or move a file or folder from an NTFS partition to a FAT or FAT32 partition, all NTFS permission settings are removed, leaving it wide open for anyone to access.

When you copy to another NTFS partition, or within the same partition, any old NTFS permissions assigned specifically to the original are stripped away, and it inherits NTFS permissions from the new location. In order to copy, you must have Write permission for the destination. The user doing the copying becomes the CREATOR OWNER of the copy.

When you move a file or folder to another NTFS partition, the permissions work just like copying. Any old permissions are removed, and the file or folder inherits permissions from the new location. You must have Change permission for the file or folder being moved and Write permission for the destination partition or folder. The user doing the moving becomes the CREATOR OWNER of the file.

When you move a file or folder to a different location on the same NTFS partition, the moved file or folder does inherit permissions from the new location, but if there were any permissions set specifically for that object, they are retained and they override the new inheritances. You must have Change permission for the file or folder being moved and Write permission for the destination partition or folder. The CREATOR OWNER does not change.

Permissions for a Users Share
If you want to create user home directories on your NT server, do this:
1. You need to be using the NTFS file system.
2. Create a Users directory on one of your partitions: D:\Users
3. For NTFS file permissions, assign Administrators Full Control, and give the Authenticated Users group (or the Everyone group) Read (RX) (RX) permissions only, on D:\Users.
4. Share the D:\Users directory and give the Authenticated Users group (or the Everyone group) Full Control share permissions.
5. For each individual user's subdirectory that will be created under D:\Users, give the user Full Control NTFS permissions to their own directory, and remove any other users from the directory, except Administrators.
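
The combination rules stated earlier (group grants add up, No Access overrides, the more restrictive of share and NTFS wins) applied to the Users share layout from steps 3 to 5, as an added example that is not part of the original page. It is a small Python model, not Windows code. The users alice and bob, the D:\Users\alice directory, and the treatment of "more restrictive" as a set intersection are assumptions made for the illustration.

```python
# Added example: a model of this page's combination rules, not Windows code.
# Letters are the page's basic permissions: R, W, X, D, P, O.
LEVELS = {
    "No Access": None,                      # overrides every other grant
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": frozenset("RWXDPO"),
}

def combine(acl, memberships):
    """Permissions one ACL gives a user: grants add up, No Access wins."""
    granted = set()
    for principal, level in acl.items():
        if principal not in memberships:
            continue
        if LEVELS[level] is None:
            return frozenset()
        granted |= LEVELS[level]
    return frozenset(granted)

def effective(share_acl, ntfs_acl, memberships):
    """Access through the share: the more restrictive of share and NTFS
    (modelled here as the intersection of the two, an assumption)."""
    return combine(share_acl, memberships) & combine(ntfs_acl, memberships)

def letters(perms):
    return "".join(p for p in "RWXDPO" if p in perms)

# Constructed layout following steps 3-5 (alice and bob are hypothetical users).
SHARE_USERS = {"Authenticated Users": "Full Control"}
NTFS_USERS = {"Administrators": "Full Control", "Authenticated Users": "Read"}
NTFS_ALICE_HOME = {"Administrators": "Full Control", "alice": "Full Control"}

ALICE = {"alice", "Authenticated Users"}
BOB = {"bob", "Authenticated Users"}
ADMIN = {"Administrators", "Authenticated Users"}

def report():
    """Effective access of each user on D:\\Users and on alice's home."""
    rows = []
    for name, who in (("alice", ALICE), ("bob", BOB), ("admin", ADMIN)):
        root = letters(effective(SHARE_USERS, NTFS_USERS, who))
        home = letters(effective(SHARE_USERS, NTFS_ALICE_HOME, who))
        rows.append((name, root, home))
    return rows

if __name__ == "__main__":
    for name, root, home in report():
        print(f"{name:6} D:\\Users={root or '-':7} D:\\Users\\alice={home or '-'}")
```

The Full Control share permission does not widen the NTFS Read grant on D:\Users, so ordinary users end up with RX there, and bob gets nothing on alice's directory because he is not listed on it.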