File Servers
Lesson 3

NTFS permissions overview

By Sai Kurada
August 30, 2023

NTFS (New Technology File System) is the primary file system used by modern versions of Microsoft Windows. It provides a robust set of permissions and security features to control access to files and folders.
Here's an overview of NTFS permissions:

Types of Permissions:
  • Read: Allows users to view and open files and subfolders. They can also view the contents of folders.
  • Write: Allows users to create new files and folders within a directory, as well as modify existing files. It also includes the ability to delete files and subfolders.
  • Modify: Includes all permissions of Read and Write. In addition, users with Modify permission can also rename files and folders.
  • Full Control: Grants all permissions, including the ability to change permissions on the file or folder, and take ownership of it.
  • Special Permissions: These are more granular permissions that allow fine-tuned control over certain actions, like changing attributes or taking ownership.

Inheritance:
NTFS permissions can be inherited from parent folders. This means that permissions set at a higher level in the folder hierarchy are automatically applied to subfolders and files. However, you can also disable inheritance and set unique permissions for a specific folder or file.

Explicit vs. Inherited Permissions:
  • Explicit Permissions: These are permissions that are directly assigned to a file or folder. They take precedence over inherited permissions.
  • Inherited Permissions: These are permissions that are inherited from a parent folder. They apply to the file or folder by default, but can be overridden by explicit permissions.

Permission Combinations:
  • Allow: Grants specific permissions to a user or group.
  • Deny: Explicitly denies specific permissions, which takes precedence over any allow permissions. Deny permissions should be used sparingly.

Ownership:
Every file and folder on an NTFS volume has an owner. The owner has full control over the file or folder and can change its permissions. By default, the user who creates a file or folder is its owner, but ownership can be transferred.

Auditing:
NTFS also supports auditing, which allows you to track and log access and modification of files and folders. This can be useful for security and compliance purposes.

Effective Permissions:
When a user or group has multiple sets of permissions due to membership in multiple groups or explicit permissions, the effective permissions are determined by a combination of all these settings.

Permission Precedence:
When permissions conflict, the most restrictive permission applies. For example, if a user has "Read" permission but is also in a group with "Deny Write" permission, the user will not be able to write to the file.

Conclusion:

It's important to plan and implement NTFS permissions carefully to ensure that users and groups have the appropriate level of access to files and folders while maintaining security. Regularly reviewing and auditing permissions can help maintain a secure and organized file system.
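
One way to carry out the regular permission review recommended above, as an added PowerShell example that is not part of the original lesson. It walks a folder tree and reports explicit entries and Deny entries, noting where inheritance is disabled and who owns each folder. The path `D:\Shares\Finance` and the function name `Get-NtfsAclFinding` are assumptions chosen for illustration.

```powershell
# Added example: NTFS permission review, not code from the original lesson.
# $Root is a placeholder (assumption); point it at the folder you want to review.
$Root = 'D:\Shares\Finance'

function Get-NtfsAclFinding {
    param([Parameter(Mandatory)][string]$Path)

    # The root folder plus every subfolder beneath it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # Unreadable ACLs are themselves worth a look, so surface them.
            Write-Warning "Cannot read ACL: $($folder.FullName)"
            continue
        }

        foreach ($ace in $acl.Access) {
            # Inherited Allow entries only repeat the parent's ACL; skip them
            # so the report shows where permissions deviate from the parent.
            if ($ace.IsInherited -and $ace.AccessControlType -eq 'Allow') { continue }

            [pscustomobject]@{
                Folder             = $folder.FullName
                Owner              = $acl.Owner
                InheritanceBlocked = $acl.AreAccessRulesProtected
                Identity           = $ace.IdentityReference.Value
                Type               = $ace.AccessControlType      # Allow or Deny
                Rights             = $ace.FileSystemRights
                Source             = if ($ace.IsInherited) { 'Inherited' } else { 'Explicit' }
            }
        }
    }
}

# Deny entries and explicit grants, grouped by folder for review.
Get-NtfsAclFinding -Path $Root |
    Sort-Object Folder, Type |
    Format-Table -AutoSize -Wrap
```

Run it from an account that can read the ACLs in the tree; piping the function's output to `Export-Csv` instead of `Format-Table` keeps a record to compare against the next review.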