Managing File Systems
File and Folder Permissions

Each folder and each file on an NTFS-formatted volume has an ACL (also known as DACL, for discretionary access control list, and commonly called NTFS permissions). An ACL comprises an access control entry (ACE) for each user who is allowed access to the folder or file. With NTFS permissions, you can control access to any file or folder, allowing different types of access for different users or groups of users. To view and edit NTFS permissions for a file or folder, right-click its icon and choose Properties. The Security tab lists all the groups and users with permissions set for the selected object, as shown below. Different permissions can be set for each user, as you can see by selecting each one.

To make changes to the settings for any user or group in the list, or to add or remove a user or group in the list, click Edit. (Use caution. Setting NTFS permissions without understanding the full consequences can lead to unexpected and unwelcome results, including a complete loss of access to files and folders. The permission-setting capabilities of the Sharing wizard provide far greater flexibility and power than were possible in the basic Windows XP interface. Before you delve into the inner workings of NTFS permissions on the Security tab, be sure to try the Share With command or the Sharing tab, both of which invoke the Sharing wizard unless it has been disabled.)

An Access Control List (ACL) is a collection of Access Control Entries (ACE) that identifies a specific security identifier (that is, who) can perform a given action (that is, what) to a file or folder. ACLs are used to specify what a user or group is allowed to do with the file or folder.

ACLs are supported by Windows 7 for the NTFS file system.

Read more about Access Control Lists at:
http://msdn.microsoft.com/en-us/library/aa374872(VS.85).aspx.

Activity 5-5

CIS 170F: Windows 7 Administration

Week 5

Managing File Systems
File and Folder Permissions