Configuring Security

Understanding NTFS Permissions

NTFS is the file system used by Windows 2000. It treats all files as objects with user-defined and system-defined properties. You can set the permissions for a file or folder by specifying a user or group and granting or denying specific permissions. To set permissions, right-click the file or folder, click Properties, and then click the Security tab. You can also set permissions through the Windows 2000 Security Templates snap-in by choosing File System within any template.

If no permissions have been set for a file or folder, users cannot access it, even if some users have access to a higher-level parent directory.

Note The most efficient way to set permissions for a number of objects is to allow objects to inherit the permissions of the highest parent object possible in the hierarchy. When inheritance is enabled, changing the parent object changes the permissions for all child objects.

The following are some of the NTFS permissions:

Permission	Description
Full control	Users can modify, add, move, and delete files, and their associated properties and directories. In addition, they can change permissions settings for all files and subdirectories.
Modify	Users can view and modify files and file properties, including deleting and adding files to a directory, or adding file properties to a file.
Read & Execute	Users can run executable files, including scripts.
Read	Users can view files and file properties.
Write	Users can write to a file.
List Folder Contents	Users can view a list of a folder's contents.