I was playing around with our Windows NTFS file and folder permissions the other day and found the below descriptions rather necessary and interesting. Hence I have decided to keep them for future reference but also share them for anyone else interested.
These permissions are called 'advanced' permissions because they appear in the Advanced Security Settings dialog box. To get to them, click the 'Advanced' button on the 'Security' tab of the 'Properties' dialog box.
The following is a list of file and folder advanced permissions with a short description for each:
Traverse Folder/Execute File
- Traverse Folder: Allows or denies moving through a restricted folder to reach files and folders beneath the restricted folder in the folder hierarchy. Traverse Folder takes effect only when the group or user is not granted the "Bypass traverse checking" user right in the Group Policy snap-in. This permission does not automatically allow running program files.
- Execute File: Allows or denies running program (executable) files.
List Folder/Read Data
- List Folder: Allows or denies viewing file names and subfolder names within the folder. List Folder only affects the contents of that folder and does not affect whether the folder you are setting the permission on will be listed.
- Read Data: Allows or denies viewing data in files.
Read Attributes
- Allows or denies viewing the attributes of a file or folder, for example, "read-only" and "hidden".
Read Extended Attributes
- Allows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.
Create Files/Write Data
- Create Files: Allows or denies creating files within the folder.
- Write Data: Allows or denies making changes to a file and overwriting existing content.
Create Folders/Append Data 
- Create Folders: Allows or denies creating subfolders within the folder.
- Append Data: Allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data.
Write Attributes 
- Allows or denies changing the attributes of a file or folder, for example, "read-only" or "hidden".
- The Write Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the attributes of an existing file or folder.
Write Extended Attributes
- Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.
- The Write Extended Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the extended attributes of an existing file or folder.
Delete Subfolders and Files
- Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file.
Delete
- Allows or denies deleting the file or folder. If you don't have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder.
Read Permissions 
- Allows or denies reading permissions of a file or folder.
Change Permissions
- Allows or denies changing permissions of the file or folder.
Take Ownership
- Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.
Synchronize 
- Allows or denies different threads to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multi-threaded, multiprocessing programs.
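When reviewing ACLs outside the dialog box, each of the permissions above appears as one bit in an access mask. The following is an added example, not part of the original post: it decodes a mask into the names used in this list and applies the delete rule described above. The bit values are the Windows SDK (winnt.h) constants; the sample masks are constructed, and the helpers assume generic rights and deny entries have already been resolved into an effective allow mask.

```python
# Added example: decode an NTFS access mask into the advanced permissions
# listed above. Bit values are the Windows SDK (winnt.h) constants.
ADVANCED_PERMISSIONS = [
    (0x000001, "List Folder/Read Data"),
    (0x000002, "Create Files/Write Data"),
    (0x000004, "Create Folders/Append Data"),
    (0x000008, "Read Extended Attributes"),
    (0x000010, "Write Extended Attributes"),
    (0x000020, "Traverse Folder/Execute File"),
    (0x000040, "Delete Subfolders and Files"),
    (0x000080, "Read Attributes"),
    (0x000100, "Write Attributes"),
    (0x010000, "Delete"),
    (0x020000, "Read Permissions"),
    (0x040000, "Change Permissions"),
    (0x080000, "Take Ownership"),
    (0x100000, "Synchronize"),
]
DELETE = 0x010000
DELETE_CHILD = 0x000040
# Rights that let a principal rewrite the ACL or take over the object.
CONTROL_RIGHTS = 0x040000 | 0x080000


def decode_mask(mask):
    """Return the advanced permission names set in an access mask."""
    return [name for bit, name in ADVANCED_PERMISSIONS if mask & bit]


def can_delete(object_mask, parent_mask):
    """Delete is allowed with Delete on the item itself OR with
    Delete Subfolders and Files on its parent folder."""
    return bool(object_mask & DELETE) or bool(parent_mask & DELETE_CHILD)


def grants_control(mask):
    """True if the mask includes Change Permissions or Take Ownership."""
    return bool(mask & CONTROL_RIGHTS)


if __name__ == "__main__":
    # Constructed sample masks: the standard Read & Execute and Modify sets.
    for label, mask in [("Read & Execute", 0x1200A9), ("Modify", 0x1301BF)]:
        print(label, hex(mask), decode_mask(mask))
    # Read-only on the file, Full Control (0x1F01FF) on the parent folder.
    print("deletable:", can_delete(0x120089, 0x1F01FF))
```

The Modify mask decodes without Delete Subfolders and Files, Change Permissions or Take Ownership, which is what separates it from Full Control.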
 
 