Advanced NTFS Permissions

Posted on by

Much time can be saved by making use of Advanced NTFS File Permissions. I found the following article at builderau.com.au which gives a good description of Advanced NTFS permissions.

You can also see some other information on basic permissions and some recommendations in my earlier post.

Traverse Folder/Execute File: Users can navigate through folders to reach other files or folders, even if they have no permissions for the traversed files or folders. The Traverse Folder permission takes effect only when the group or user doesn’t have the Bypass Traverse Checking user right in the Group Policy snap-in. (By default, the Everyone group has the Bypass Traverse Checking user right.)

List Folder/Read Data: Users can view a list of a folder’s contents and data files.

Read Attributes: Users can view the attributes of a file or folder, such as read-only and hidden. (NTFS defines these attributes.)

Read Extended Attributes: Users can view the extended attributes of a file or folder. (Defined by programs, extended attributes may vary.)

Create Files/Write Data: The Create Files permission allows users to create files within the folder. (This permission applies to folders only.) The Write Data permission allows users to make changes to the file and overwrite existing content. (This permission applies to files only.)

Create Folders/Append Data: This Create Folders permission allows users to create folders within a folder. (This applies to folders only.) The Append Data permission allows users to make changes to the end of the file, but they can’t change, delete, or overwrite existing data. (This applies to files only.)

Write Attributes: Users can change the attributes of a file or folder, such as read-only or hidden. (NTFS defines these attributes.)

Write Extended Attributes: Users can change the extended attributes of a file or folder.

Delete: Users can delete the file or folder. (If users don’t have the Delete permission on a file or folder, they can still delete it if they have the Delete Subfolders And Files permission on the parent folder.)

Read Permissions: Users have reading permissions of the file or folder, such as Full Control, Read, and Write.

Change Permissions: Users have changing permissions of the file or folder, such as Full Control, Read, and Write.

Take Ownership: Users can take ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.

This entry was posted in FileStore, Security by James. Bookmark the permalink.

About James

I am an Infrastructure Systems Administrator in the Infrastructure Systems Group (ISG) within ISS. We are responsible for a number of the core services which support the IT Infrastructure of the University including Active Directory, Exchange, DNS, Central Filestore, VMware and SQL. I hold number of current Microsoft Certifications and am also a Symantec Certified Specialist (Netbackup) http://twitter.com/JamesAPocock

Leave a Reply

Your email address will not be published. Required fields are marked *