CIS 170F: Windows 7 Administration

Week 5

Managing File Systems
File and Folder Permissions
Individual NTFS Permissions

Individual NTFS permissions exist to fine-tune access and control for files and folders. These permissions are only visible when editing a permission entry in the advanced security view.

If you edit access permissions in the Advanced Security Settings dialog box, you can exercise more "fine-grained" control over permissions.

Permission: Properties
Traverse Folder/Execute File: For folders, this special permission allows a user to move through a folder to which he or she doesn't have List Folder access, to reach a file or folder to which he or she does have access. For files, this permission allows the running of applications. (This permission is necessary only if the user wasn't granted the Bypass Traverse Checking right through Group Policy.)
List Folder/Read Data: For folders, allows the user to view the names of files or subfolders inside a folder. For files, allows the user to read the data in a file.
Read Attributes: Allows the user to view the attributes of the file or folder (that is, Hidden, Read-Only, or System).
Read Extended Attributes: Allows the user to view extended attributes of files or folders as defined by another program. (These attributes vary depending on the program.)
Create Files/Write Data: For folders, allows the user to create new files inside the folder. For files, allows the user to add new data or overwrite data inside existing files.
Create Folders/Append Data: For folders, allows the user to create new subfolders. For files, allows the user to append data to the end of an existing file. This permission does not pertain to deleting or overwriting existing data.
Write Attributes: Allows the user to change the attributes of the file or folder.
Write Extended Attributes: Allows the user to change the extended attributes of a file or folder.
Delete Subfolders and Files: For a folder, allows the user to delete subfolders and their contents. This permission applies even if the Delete permission has not been expressly granted on the individual subfolders or their files.
Delete: Allows or denies the user the ability to delete the file. Even if Delete is denied, a user can still delete a file if he or she has Delete Subfolders and Files permission on the parent folder.
Read Permissions: Allows the user to view the permissions assigned to a file or folder.
Change Permissions: Allows the user to change the file's or folder's permissions.
Take Ownership: Allows the user to take ownership of a file or folder.
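
The interaction between Delete and Delete Subfolders and Files described above can be checked on a real file or folder. The following PowerShell function is an added example, not part of the course material; the name Get-ParentDeleteGrant is hypothetical. It lists every identity that is allowed Delete Subfolders and Files on the parent folder and shows whether Delete is allowed or denied for that same identity on the item itself.

```powershell
# Added example, not part of the course material. Get-ParentDeleteGrant is a
# hypothetical name. It compares ACL entries per listed identity and does not
# resolve group membership, so it is not an effective-permission calculation.
function Get-ParentDeleteGrant {
    param([Parameter(Mandatory = $true)][string]$Path)

    $DeleteChild = 0x40        # Delete Subfolders and Files
    $Delete      = 0x10000     # Delete
    $GenericAll  = 0x10000000  # generic "all access" bit, implies both
    $InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $item   = Get-Item -LiteralPath $Path -Force
    $parent = Split-Path -Path $item.FullName -Parent
    if (-not $parent) { return }   # a drive root has no parent folder

    # Inherit-only entries are passed to children but do not apply to the
    # object that carries them, so drop them from both lists.
    $applies    = { ([int]$_.PropagationFlags -band $InheritOnly) -eq 0 }
    $itemAces   = @((Get-Acl -Path $item.FullName).Access | Where-Object $applies)
    $parentAces = @((Get-Acl -Path $parent).Access | Where-Object $applies)

    foreach ($ace in $parentAces) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band ($DeleteChild -bor $GenericAll)) -eq 0) { continue }

        $id    = $ace.IdentityReference.Value
        $mine  = @($itemAces | Where-Object { $_.IdentityReference.Value -eq $id })
        $allow = @($mine | Where-Object { $_.AccessControlType -eq 'Allow' -and
                     ([int]$_.FileSystemRights -band ($Delete -bor $GenericAll)) -ne 0 })
        $deny  = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' -and
                     ([int]$_.FileSystemRights -band $Delete) -ne 0 })

        New-Object PSObject -Property @{
            Identity            = $id
            ParentFolder        = $parent
            DeleteAllowedOnItem = ($allow.Count -gt 0)
            DeleteDeniedOnItem  = ($deny.Count -gt 0)   # True = the Deny is overridden via the parent
        } | Select-Object Identity, ParentFolder, DeleteAllowedOnItem, DeleteDeniedOnItem
    }
}

# Example call (path is a placeholder):
# Get-ParentDeleteGrant -Path 'C:\Data\Reports\budget.xlsx'
```

A row with DeleteDeniedOnItem set to True marks an identity whose Deny on Delete does not protect the item, because the parent folder still grants it Delete Subfolders and Files.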
