NTFS Permissions Notes

What is NTFS?

  • NTFS (New Technology File System) is the default file system for the Windows OS.
  • It provides the foundation for security through user permissions, which determine access to resources.

Understanding NTFS Permissions

  • NTFS permissions: rules defining access levels for file system objects (files, folders).
  • Control access to files and folders on NTFS volumes.
  • Effective both locally and over a network, unlike share permissions, which apply only to network access.

NTFS and Share Permissions

  • Share Permissions:
    • Apply to users accessing shared folders via a network.
  • NTFS Permissions:
    • Apply to users logging on locally or remotely.

Controlling Access to NTFS Folders

  • NTFS folder permissions manage access to folders and their subfolders/files.
  • It's more efficient to assign permissions to folders than individual files.

NTFS Permissions Types

  • Folder Permissions:
    • Read
    • Write
    • List Folder Contents
    • Read & Execute
    • Modify
    • Full Control
  • File Permissions:
    • Read
    • Write
    • Read & Execute
    • Modify
    • Full Control

Basic NTFS Permissions: Descriptions

  • Full Control: View, change files, create new, run programs.
  • Modify: Change files, cannot create new.
  • Read & Execute: View contents and run programs.
  • Read: View folder and open files.
  • Write: Create/modify files.
  • List Folder Contents: View directory and files.

Access Control List (ACL)

  • Each file/folder has an ACL listing users/groups and their access rights.

Managing Multiple NTFS Permissions

  • Permissions can combine from user accounts and groups.
  • Effective permissions are cumulative.
  • Example: If a user has Read and belongs to a group with Write, the user has both.

Priority of NTFS Permissions

  • File permissions override folder permissions.
  • Deny permissions take precedence over allowed permissions.
  • More restrictive permissions apply when combining share and NTFS permissions.

Permissions Inheritance

  • By default, NTFS permissions are inherited from parent folders to children.
  • Inheritance can be prevented if necessary.

Explicit and Inherited Permissions

  • Explicit: Set directly on an object.
  • Inherited: Passed down from a parent object.
  • Conflict resolution: Explicit permissions are processed first.
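
The rules from "Managing Multiple NTFS Permissions", "Priority of NTFS Permissions" and "Explicit and Inherited Permissions", worked through as an added example that is not part of the original notes. It is a simplified model: rights are reduced to three flags, and the user, group and ACL entries are constructed sample values.

```python
# Simplified model of ACL evaluation; real ACEs carry 32-bit access masks.
from dataclasses import dataclass

READ, WRITE, EXECUTE = 1, 2, 4

@dataclass(frozen=True)
class Ace:
    trustee: str      # user or group name (constructed sample names below)
    allow: bool       # True = Allow ACE, False = Deny ACE
    mask: int         # rights covered by this ACE
    inherited: bool   # False = explicit on the object, True = from a parent

def canonical_order(acl):
    """Explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(acl, key=lambda a: (a.inherited, a.allow))

def ntfs_effective(acl, user, groups):
    """Return the rights the ACL grants to the user's token."""
    token = {user, *groups}
    granted = denied = 0
    for ace in canonical_order(acl):
        if ace.trustee not in token:
            continue
        if ace.allow:
            granted |= ace.mask & ~denied   # cumulative across user and groups
        else:
            denied |= ace.mask & ~granted   # blocks only rights not yet granted
    return granted

def network_effective(acl, share_mask, user, groups):
    """Over a share, the more restrictive of share and NTFS rights applies."""
    return ntfs_effective(acl, user, groups) & share_mask

# Constructed sample ACL for a hypothetical folder.
SAMPLE_ACL = [
    Ace("Staff", True, READ | EXECUTE, inherited=True),
    Ace("Editors", True, WRITE, inherited=True),
    Ace("Contractors", False, WRITE, inherited=True),
    Ace("alice", True, WRITE, inherited=False),
]

def names(mask):
    return [n for n, b in (("Read", READ), ("Write", WRITE), ("Execute", EXECUTE)) if mask & b]

if __name__ == "__main__":
    print(names(ntfs_effective(SAMPLE_ACL, "bob", ["Staff", "Editors"])))
    print(names(ntfs_effective(SAMPLE_ACL, "carol", ["Staff", "Editors", "Contractors"])))
    print(names(ntfs_effective(SAMPLE_ACL, "alice", ["Staff", "Contractors"])))
    print(names(network_effective(SAMPLE_ACL, READ, "bob", ["Staff", "Editors"])))
```

In this model, carol loses Write because the inherited Deny is processed before the inherited Allow, while alice keeps Write because her explicit Allow is processed before the inherited Deny.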

Preventing Permissions Inheritance

  • Blocking inheritance on a folder allows specific permissions to be set on that folder.
  • The folder then becomes the top-level folder for permissions.

Copying/Moving Folders

  • Moving a folder within the same NTFS volume retains original permissions.
  • Moving between different NTFS volumes can change permissions.
  • Specific rules dictate when permissions change, which is important for resource access.

Troubleshooting Permissions Issues

  1. Check user access rights.
  2. Review group memberships.
  3. Determine if deny permissions override other rights.

Best Practices for NTFS Permissions

  • Assign the least permissive rights necessary.
  • Prefer allowing permissions over denying.
  • Group-based assignment facilitates management.
  • Standard permissions generally suffice; consider special permissions for finer control.

Guidelines for Assigning Permissions

  • Apply one method consistently across all administrators.
  • Document and clarify group access needs.
  • Regularly review permissions and modify them as access needs change.

Using the Security tab to Assign Permissions

  • Administrators, users with Full Control, or owners can modify permissions through the Security tab in Properties.

Group Assignment Approach

  • Create groups (e.g., Read, Read & Write) to manage access collectively rather than individually.
  • Add users to appropriate groups to regulate access efficiently.

Sharing and Accessing Permissions

  • Locate folders, set sharing settings, and assign NTFS permissions through Windows Explorer.
  • Users need to follow specific paths to access shared resources appropriately.