Technology Notebook

Windows::NTFS Permissions

From: Windows IT Library

NTFS Permissions and Files



NTFS
file permissions are used to control the access that a user, group, or
application has to files. This includes everything from reading a file to
modifying and executing the file. There are five NTFS file permissions:

1. Read




2. Write




3. Read & Execute




4. Modify




5. Full Control

The five NTFS file permissions are also
listed in Table 1 with a description of the access that is allowed to the
user or group when each permission is assigned. As you can see, the permissions
are listed in a specific order. They all build upon each other.

TABLE 1: NTFS FILE PERMISSIONS
NTFS File Permission	Allowed Access
Read	This allows the user or group to read the file and view its attributes, ownership, and permissions set.
Write	This allows the user or group to overwrite the file, change its attributes, view its ownership, and view the permissions set.
Read & Execute	This allows the user or group to run and execute the application. In addition, the user can perform all duties allowed by the Read permission.
Modify	This allows the user or group to modify and delete a file including perform all of the actions permitted by the Read, Write, and Read and Execute NTFS file permissions.
Full Control	This allows the user or group to change the permission set on a file, take ownership of the file, and perform actions permitted by all of the other NTFS file permissions.

If a user needs all access to a file
except to take ownership and change its permissions, the Modify permission can
be granted. The access allowed by the Read, Write, and Read & Execute are
automatically granted within the Modify permission. This saves you from
assigning multiple permissions to a file or group of files. In later
discussions in this chapter you will see what happens when multiple NTFS file
permissions are assigned and applied and how you can determine the net access
the user or group has to that file or folder.

NOTE: A file's attributes are properties of the file such as Read-Only, Hidden, Archive, and System. The System attribute is usually applied only to operating system boot files.

NTFS Permissions and Folders


NTFS Folder permissions allow what access is granted to a folder and the files and
subfolders within that folder. These permissions can be assigned to a user or
group. This topic defines each NFTS folder permission and its effect on a
folder. Table 2 displays a list of the NTFS file permissions and the access
that is granted to a user or group when each permission is applied.

TABLE 2: NTFS FOLDER PERMISSIONS
NTFS File Permission	Allowed Access
Read	This allows the user or group to view the files, folders, and subfolders of the parent folder. It also allows the viewing of folder ownership, permissions, and attributes of that folder.
Write	This allows the user or group to create new files and folders within the parent folder as well as view folder ownership and permissions and change the folder attributes.
List Folder Contents	This allows the user or group to view the files and subfolders contained within the folder.
Read & Execute	This allows the user or group to navigate through all files and subfolders including perform all actions allowed by the Read and List Folder Contents permissions.
Modify	This allows the user to delete the folder and perform all activities included in the Write and Read & Execute NTFS folder permissions.
Full Control	This allows the user or group to change permissions on the folder, take ownership of it, and perform all activities included in all other permissions.

Notice that the only major difference
between NTFS file and folder permissions is the List Folder Contents NTFS
folder permission. By using this NTFS folder permission you can limit the
user's ability to browse through a tree of folders and files. This is useful
when trying to secure a specific directory such as an application directory. A
user must know the name and location of a file to read or execute it when this
permission is applied to its parent folder.