Windows 2000 Permissions

NTFS File Permissions

NTFS file permisssions control access to individual files by specifying which users can access them and what kind of access the users can have.

Read: Read the file and view file attributes, ownership, and permissions.

Write: Overwrite the file, change file attributes, and view file ownership and paermissions.

Read and Execute: Run applications and perform the actions permitted by the Read permissions.

Modify: Modify and delete the file and perform the actions permitted by the Write permission and Read and Execute permission.

Full Control: Change permissions, take ownership, and perform the actions permitted by all other NTFS file permissions.

NTFS Folder Permissions

NTFS folder permissions control user access to folders and to the files and subfolders contained within them. If permission is denied to a file that is inside a folder that has an Allow permission, the Deny attribute takes precedence over the Allow permission applied to the folder.

Read: See files and subfolders in the folder and view folder ownership, permissions, and attributes, such as Read-Only, Hidden, Archive, and System.

Write: Create new files and subfolders within the folder, change folder attributes, and view folder ownership and permissions.

List Folder Contents: View the names of files and subfolders in the folder.

Read and Execute: Move through folders to reach other files and folders, plus perform actions permitted by the Read permission and List Folder Contents permission.

Modify: Delete the folder and perform actions permitted by the Write permission and the Read and Execute permission.

Full Control: Change permissions, take ownership, delete subfolders and files, and perform actions permitted by all other NTFS folder permissions.

Shared Folder Permissions

TO provide multiple users with access to the same resource, such as a folder, you must share the folder. Sharing a folder refers to the process by which the folder is made accesible to multiple users simultaneously over the network. You can only share folders, not individual files. Shared folders are usually placed on a file server, but you can also place them on any computer on the network.

Some characteristics of shared folders are:

A shared folder appears in Explorer with an icon of a hand holding the folder. Permissions are assigned to the entire folder only, not to individual files or subfolders within the share folder. When a folder is shared, the Full Control permission is assigned to the Everyone group as the default permission. When a user is added to a shared folder, the user receives the Read permission by default. Whan a shared folder is copied, the original folder is still shared, but the copy is not shared. When a shared folder is moved to another location, the folder is no longer shared.

Read: Display folder names, file names, file data, and attributes; run application files; and change folders within the shared folder.

Change: Create folders, add files to folders, change data in files, append data to files, change file attributes, delete folders and files, and perform actions permitted by the Read permission

Full Control: Change file permissions, take ownership of files, and perform all taks permitted by the Change permission.

Printer Permissions

Printer permissions control the types of printing activities users may perform and also can be used to limit user access to certain printers for security reasons.

Levels of printer permissions:

Print: The Print permission allows you to connect to a printer. It also allows you to print and cancel your own documents.

Manage Documents: The Mangage Documents permission allows you to connect to a printer. It also allows you to pause, resume, restart, and cancel printing of all documents.

Manage Printers: The Manage Printers permission allows you to perform all of the tasks that the Print and Manage Documents permissions allow. In addition, this permission allows you to share a printer, change printer properties, delete a printer, and change printer permissions.