Windows File and Print Services - MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration

Information Technology Reference

In-Depth Information

only way to secure files accessed through the network. NTFS permissions protect file accesses via

the network and interactively.

NTFS Permissions

NTFS permissions give both network users and interactive users fine-grained access control over

folders and files. Unlike share permissions, which can be configured only on a shared folder,

NTFS permissions can be configured on folders and files. By default, when permissions are con-

figured on a folder, subfolders and files in that folder inherit the permissions. However, inherited

permissions can be changed when needed, making it possible to have different permission set-

tings on files in a folder.

Permissions and permission inheritance, as they pertain to Active Directory objects, were

discussed in Chapter 4, and they work much the same way when applied to NTFS folders and

files. Perhaps the biggest difference between setting Active Directory and NTFS permissions is

that there's no Delegation of Control Wizard for NTFS folders. To view or edit permissions on

an NTFS folder or file, you simply access the Security tab of the object's Properties dialog box.

Unlike share permissions, which have only three permission levels, NTFS folders have six

standard permissions, and NTFS files have five. Folders also have 14 special permissions, and

files have 13. Special permissions aren't completely separate from standard permissions, how-

ever. Each standard permission is really a grouping of special permissions, as you see later.

NTFS standard permissions for folders and files are as follows (see Figure 6-9):

• Read —Users can view file contents, copy files, open folders and subfolders, and view file

attributes and permissions. However, unlike the Read permission in share permissions, this

permission doesn't allow users to run applications or scripts.

• Read & execute —Grants the same permissions as Read and includes the ability to run

applications or scripts. When this permission is selected, List folder contents and Read are

selected, too.

• List folder contents —This permission applies only to folders and grants the same permis-

sion as Read & execute. However, because it doesn't apply to files, Read & execute must

also be set on the folder to allow users to open files in the folder.

6

Figure 6-9

NTFS standard permissions

Search WWH ::

Custom Search

Home