Revision no.: PPT/2K403/02

Securing Resources with NTFS Permissions (70-270)

Lesson 1: Understanding and Applying NTFS Permissions

NTFS Folder Permissions

NTFS File Permissions

Access Control List

Multiple NTFS Permissions

NTFS Permissions Inheritance

CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

NTFS Folder Permissions

Read

Write

List Folder Contents

Read and Execute

Modify

Full Control

NTFS File Permissions

Read

Write

Read & Execute

Modify

Full Control

Access Control List

[Figure: ACL for a resource on an NTFS partition. Labels: User1, Read; Group1, Full Control; User2.]

Multiple NTFS Permissions

NTFS Permissions Are Cumulative

File Permissions Are Separate From Folder Permissions

Deny Overrides Other Permissions

[Figure: NTFS partition showing Folder A, File1 and File2. Labels: User1; Group A; Group B; Read/Write; Write; Read; Deny Write to File2.]

NTFS Permissions Inheritance

[Figure: Permission inheritance. With inheritance, Read/Write on Folder A gives access to File1. With inheritance prevented, Read/Write on Folder A gives no access to File1.]
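
The three rules on the Multiple NTFS Permissions slide and the inheritance behavior above can be modeled as an ordered walk over access control entries. This is an added example, not part of the original slides; the ACLs and group memberships are constructed, and the model goes one step beyond the slide by using the Windows evaluation order, in which an explicit allow on a file is evaluated before a deny inherited from its folder.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    trustee: str             # user or group the entry applies to
    kind: str                # "allow" or "deny"
    rights: frozenset        # e.g. frozenset({"read", "write"})
    inherited: bool = False  # True when the entry came from the parent folder

def canonical(acl):
    # Windows evaluation order: explicit deny, explicit allow,
    # inherited deny, inherited allow.
    return sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(token, acl, desired):
    """Return True if the trustees in `token` are granted every right in `desired`."""
    remaining = set(desired)
    for ace in canonical(acl):
        if ace.trustee not in token:
            continue
        if ace.kind == "deny":
            if remaining & ace.rights:
                return False          # deny on a right still needed: stop here
        else:
            remaining -= ace.rights   # allows accumulate across user and groups
        if not remaining:
            return True
    return False                      # nothing granted it: implicit deny

def inherit(parent_acl):
    # Copy the folder's entries onto a child, marked as inherited.
    return [Ace(a.trustee, a.kind, a.rights, True) for a in parent_acl]

# Constructed scenario using the slide's names (the memberships are an assumption).
R, W = "read", "write"
TOKEN = {"User1", "Group A", "Group B"}
FOLDER_A = [Ace("User1", "allow", frozenset({R})),
            Ace("Group B", "allow", frozenset({W}))]
FILE1 = inherit(FOLDER_A)
FILE2 = [Ace("Group A", "deny", frozenset({W}))] + inherit(FOLDER_A)
# Inheritance prevented: the file carries only its own entry.
FILE3 = [Ace("Group A", "allow", frozenset({R}))]
# Explicit allow on the file is evaluated before a deny inherited from the folder.
FILE4 = [Ace("User1", "allow", frozenset({W}))] + inherit(
    [Ace("Group A", "deny", frozenset({W}))])

if __name__ == "__main__":
    for name, acl in [("File1", FILE1), ("File2", FILE2), ("File3", FILE3), ("File4", FILE4)]:
        print(name, {r: access_check(TOKEN, acl, {r}) for r in (R, W)})
```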


Lesson 2: Assigning NTFS Permissions and Special Permissions

Planning NTFS Permissions

Setting NTFS Permissions


Planning NTFS Permissions

Assign permissions only to folders, not to individual files.

Allow users only the level of access that they require.

Create groups according to the access that the group members require for resources, and then assign the appropriate permissions to the group. Assign permissions to individual user accounts only when necessary.

When you assign permissions for working with data or application folders, assign the Read & Execute permission to the Users group and the Administrators group.


When you assign permissions for public data folders, assign the Read & Execute permission and the Write permission to the Users group and the Full Control permission to the CREATOR OWNER.

Deny permissions only when it is essential to deny specific access to a specific user account or group.

Encourage users to assign permissions to the files and folders that they create and educate them about how to do so.

Setting NTFS Permissions

Assigning or Modifying Permissions

Adding Users or Groups

Granting or Denying Special Permissions

Taking Ownership

Preventing Permission Inheritance

Assigning or Modifying Permissions

Adding Users or Groups

Granting or Denying Special Permissions

Taking Ownership

You can transfer ownership of files and folders from one user account or group to another.

You can give someone the ability to take ownership and, as an administrator, you can take ownership of a file or folder.


The following rules apply for taking ownership of a file or folder:

The current owner or any user with Full Control permission can assign the Full Control standard permission or the Take Ownership special access permission to another user account or group, allowing the user account or any member of the group to take ownership.

An administrator can take ownership of a folder or file, regardless of assigned permissions. If an administrator takes ownership, the Administrators group becomes the owner and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another user account or group.

Preventing Permission Inheritance


Practice: Planning and Assigning NTFS Permissions

Determining the Default NTFS Permissions for a Folder

Assigning NTFS Permissions

Testing NTFS Permissions

Lesson 3: Solving Permissions Problems

Copying Files and Folders

Moving Files and Folders

Troubleshooting Permissions Problems

Avoiding Permissions Problems

Copying Files and Folders

Moving Files and Folders

Troubleshooting Permissions Problems

A user can't gain access to a file or folder.

You add a user account to a group to give that user access to a file or folder, but the user still can't gain access.

A user with Full Control permission to a folder deletes a file in the folder, although that user doesn't have permission to delete the file itself. You want to stop the user from being able to delete more files.
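
The third problem above comes from how deletion is authorized: Delete on the file or Delete Subfolders and Files on its folder is enough, and Full Control on the folder includes the latter. The following is an added example, not part of the original slides, that models this in simplified form; the right names and sample ACLs are constructed for illustration.

```python
# Simplified rights model; the names are labels for this example, not Windows constants.
MODIFY = frozenset({"read", "write", "execute", "delete"})
FULL_CONTROL = MODIFY | {"delete_child", "change_permissions", "take_ownership"}

def effective(token, acl):
    """Union of the rights allowed to the token's trustees, minus anything denied."""
    allowed, denied = set(), set()
    for trustee, kind, rights in acl:
        if trustee in token:
            (denied if kind == "deny" else allowed).update(rights)
    return allowed - denied

def can_delete(token, file_acl, folder_acl):
    # A file can be deleted with Delete on the file itself OR with
    # Delete Subfolders and Files ("delete_child") on the containing folder.
    return ("delete" in effective(token, file_acl)
            or "delete_child" in effective(token, folder_acl))

# Constructed sample: User1 is denied everything on the file but holds
# Full Control on the folder.
TOKEN = {"User1", "Users"}
FILE_ACL = [("User1", "deny", FULL_CONTROL)]
FOLDER_FULL = [("User1", "allow", FULL_CONTROL)]
# Same folder with every Full Control right except Delete Subfolders and Files.
FOLDER_FIXED = [("User1", "allow", FULL_CONTROL - {"delete_child"})]

if __name__ == "__main__":
    print("Full Control on folder:", can_delete(TOKEN, FILE_ACL, FOLDER_FULL))
    print("delete_child removed:  ", can_delete(TOKEN, FILE_ACL, FOLDER_FIXED))
```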

Avoiding Permissions Problems

Assign the most restrictive NTFS permissions that still enable users and groups to accomplish necessary tasks.

Assign all permissions at the folder level, not at the file level.

For all application-executable files, assign Read & Execute and Change Permissions to the Administrators group, and assign Read & Execute to the Users group.

Assign Full Control to CREATOR OWNER for public data folders so that users can delete and modify files and folders that they create.

For public folders, assign Full Control to CREATOR OWNER and Read and Write to the Everyone group.

Use long, descriptive names if the resource will be accessed only at the computer.

Allow permissions rather than denying permissions.

Practice: Managing NTFS Permissions

Taking Ownership of a File

Copying and Moving Folders

Deleting a File with All Permissions Denied


Design & Published by:


CMS Institute, Design & Development Centre, CMS House, Plot No. 91, Street No.7,
MIDC, Marol, Andheri (E), Mumbai 400093, Tel: 91-22-28216511, 28329198
Email: courseware.inst@cmail.cms.co.in
www.cmsinstitute.co.in
