• Choose a category
• All
• Classic-Fiction

NTFS permissions define exactly what a particular account can or cannot do to the file or folder and are thus quite detailed and powerful. You can make it possible, for example, for a person to edit a file but not delete it. You can let someone create a folder and not allow other people to make subfolders. NTFS file and folder permissions are so complicated that entire books have been written on them! Fortunately, the CompTIA A+ certification exams test your understanding of only a few basic concepts of NTFS permissions: Ownership, Take Ownership permission, Change permissions, Folder permissions, and File permissions.

Ownership When you create a new file or folder on an NTFS partition, you become the owner of that file or folder. A newly created file or folder by default gives everyone full permission to access, delete, and otherwise manipulate that file or folder. Owners can do anything they want to the files or folders they own, including changing the permissions to prevent anybody, even administrators, from accessing them.

Take Ownership permission With the Take Ownership special permission, anyone with the permission can seize control of a file or folder. Administrator accounts have Take Ownership permission for everything. Note the difference here between owning a file and accessing a file. If you own a file, you can prevent anyone from accessing that file. An administrator whom you have blocked, however, can take that ownership away from you and then access that file!

Change permission Another important permission for all NTFS files and folders is the Change permission. An account with this permission can give or take away permissions for other accounts.

Folder permissions Let’s look at a typical folder in my Windows XP system to see how this one works. My E: drive is formatted as NTFS, and on it I created a folder called E:\MIKE. I set the permissions for the E:\MIKE folder by right-clicking on the folder, selecting Properties, and clicking the Security tab (see Figure 16-26).

File permissions File permissions are similar to Folder permissions. We’ll talk about File permissions right after we cover Folder permissions.

Figure 16-26 The Security tab lets you set permissions.

In Windows, just about everything in the computer has a Security tab in its properties, and every Security tab contains two main areas. The top area shows the list of accounts that have permissions for that resource. The lower area shows exactly what permissions have been assigned to the selected account.

Here are the standard permissions for a folder:

Full Control Enables you to do anything you want.

Modify Enables you to do anything except delete files or subfolders.

Read & Execute Enables you to see the contents of the folder and any subfolders.

List Folder Contents Enables you to see the contents of the folder and any subfolders. (This permission seems the same as the Read & Execute permission, but it is only inherited by folders.)

Read Enables you to read any file in the folder.

Write Enables you to write to files and create new files and folders.

File permissions are quite similar to folder permissions, with the main difference being the Special Permissions option, which I’ll talk about a bit later in the chapter.

Full Control Enables you to do anything you want!

Modify Enables you to do anything except take ownership or change permissions on the file.

Read & Execute If the file is a program, you can run it.

Read If the file is data, you can read it.

Write Enables you to write to the file.

Take some time to think about these permissions. Why would Microsoft create them? Think of situations where you might want to give a group Modify permission. Also, you can assign more than one permission. In many situations, we like to give users both the Read as well as the Write permission.

Permissions are cumulative. If you have Full Control on a folder and only Read permission on a file in the folder, you get Full Control permission