NTFS permissions (Windows 2000)


Definition of NTFS permissions (Windows 2000) in Network Encyclopedia. Set of permissions to secure folders and files.

What are NTFS permissions on Windows 2000?

NTFS permissions are a set of permissions used in Microsoft Windows 2000 to secure folders and files located on an NTFS file system partition or volume. NTFS permissions provide security for both local and network access to the file system.



They are different from shared folder permissions, which can be applied only to folders and which secure the file system for network access only, not for local access.

How It Works

NTFS permissions in Windows 2000 differ depending on whether they are applied to files or to folders. The five standard file permissions and six standard folder permissions are listed in the following tables. These standard file and folder permissions are actually composed of various groupings of the 18 different special permissions – for more information, see the entry on NTFS special permissions (Windows 2000). These groupings simplify the job of securing files and folders on NTFS file system partitions and volumes.

Standard NTFS File Permissions in Windows 2000

File PermissionUser Access Granted
readOpen the file and view its permissions, attributes, and ownership
writeModify the file, modify its attributes, and view its permissions, attributes, and ownership
read & executeDelete the file and do everything read permission allows
modifyDelete the file and do everything read & execute and write permissions allow
full controlTake ownership, modify permissions, and do everything modify permission allows




Standard NTFS Folder Permissions in Windows 2000

Folder PermissionUser Access Granted
readView contents of folder and view its permissions, attributes, and ownership
writeCreate new files and folders in the folder, modify its attributes, and view its permissions, attributes, and ownership
list folder contentsView contents of folder
read & executeView subfolders within the folder and do everything read and list folder contents permissions allow
modifyDelete the folder and do everything read & execute and write permissions allow
full controlTake ownership, modify permissions, and do everything modify permission allows




To use these standard permissions to secure a file or folder you must be the object’s owner, have full control of the object, or be a member of the Administrators system group. You must explicitly assign a permission to a file or folder for the permission to be granted. If no permission is specified for a given user or group, the user or group has no access to the file or folder. When you explicitly assign a permission you can choose to either allow or deny the permission.

When you create a file or folder on an NTFS file system volume, it inherits the permissions of its parent folder or volume. When you assign a permission to a parent folder or volume, you have the option of propagating that permission to all of its child folders and files.

The following rules apply to assigning permissions for files and folders on NTFS file system volumes:

  • If a user belongs to two or more groups and the groups have different permissions on a given folder, the user’s effective permission is the least restrictive (most permissive) of the permissions. For example, if a user has read permission on a file and a group the user belongs to has modify permission, the effective permission is modify, which is the least restrictive of the two.
  • A permission explicitly denied overrides a similar permission explicitly allowed. For example, if a user has read permission on a file and a group the user belongs to has been denied read permission, the user cannot open and read the file.
  • A permission for a file overrides a similar permission for the folder containing the file. For example, if a user has modify permission on a file and read permission on the folder containing the file, the user can open, read, edit, and save changes to the file.
NTFS Permissions on Windows 2000

NOTE


The differences between NTFS standard permissions for Windows 2000 and for Windows NT include the following:

  • Windows 2000 has six folder permissions; Windows NT has seven.
  • Windows 2000 has five file permissions; Windows NT has four.
  • In Windows 2000 you can explicitly grant or explicitly deny any standard file or folder permission. In Windows NT you can only explicitly grant a permission (but you can explicitly grant no access as a permission).



Formatting a partition using NTFS


When you format a partition or volume using NTFS, the Everyone system group is automatically assigned full control permission for the root of the volume. Any new files or folders you create on the volume inherit this permission. Be aware that leaving full control for everyone might create a security risk; you should replace it with more suitable permissions such as full control for the Authenticated Users special identity.

See also

Editor

Articles posted after being checked by editors.

Recent Content

link to Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure, also known as PKI, is a set of services that support the use of public-key cryptography in a corporate or public setting. A public key infrastructure (PKI) enables key pairs to be generated, securely stored, and securely transmitted to users so that users can send encrypted transmissions and digital signatures over distrusted public networks such as the Internet.
link to Digital Signature

Digital Signature

Digital Signature is an electronic signature that you can use to sign a document being transmitted by electronic means such as e-mail. Digital signatures validate the identity of the sender and ensure that the document they are attached to has not been altered by unauthorized parties during the transmission.