No announcement yet.

NTFS permissions

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • NTFS permissions

    It person asked me to check his effective permissions to certain catalog files on a shared folder. He has full control ntfs permissions to the folder containing the files, and change permissions to the network share that he uses to access the files. I'm not sure...what are IT person's effective permissions to the files?

  • #2
    Re: NTFS permissions

    The most restrictive permission applies i.e. if a user has full NTFS rights but read only share rights then he will only have read only rights.

    In your case, he has change rights. NTFS rights are more granular so you pretty much always find that you grant full rights to the share and then lock it down with NTFS rights

    Hope this helps

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: NTFS permissions

      More than that, you can always check the effective permissions of a specific user/group on a folder or file by using this :
      - right click the specific object;
      - go to Properties;
      - go to Security tab;
      - click Advanced;
      - go to Effective permissions tab;
      - select your user or group name by clicking the Select button.

      In the lower part of the window you will get the effective permissions of that user/group on the specific object. And if you ever ask yourself WHY are the permissions like that, see Michael's reply
      See the attached screenshot.
      Attached Files

      Sorin Solomon

      In order to succeed, your desire for success should be greater than your fear of failure.


      • #4
        Re: NTFS permissions

        Just one small caveat to sorinso's most excellent post:

        Make sure that when you run the Effective Permissions Wizard, you have Admin rights over the entire context being tested; i.e. if you, the resource and the user are in different domains, make sure your account has admin rights over all the affected domains.

        The reason is, if you don't, the results from the Effective Permissions Wizard are completely unpredictable and will show you almost anything apart from the actual true result. I have this in black and white from Microsoft having raised a Category B case under my Employer's support contract. We had a user who likes to think that he can exercise authority in the IT arena over people in his area; but he has no admin rights. He ran "Effective Permissions" against a folder and several users who did not have access. It reported (despite their group memberships being exactly the same and NONE of them ACTUALLY having access) some of them as having "Full Control" and others having "Read", while others showed correctly "No access". Testing one user who had "Full Control", using the meddler user's account reported "Change" and "Delete child objects"!!!

        So - just be careful when using it that you know you have admin rights over the areas of concern otherwise you'll get nonsense.

        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you


        • #5
          Re: NTFS permissions

          User banned for registering multiple usersnames, double posting, not citing quoted references, and using devious forum methods.

          Network Consultant/Engineer
          Baltimore - Washington area and beyond