NTFS Permissions Overview

Jul 20, 2025

Overview

This lecture explains the difference between simple and special permissions in NTFS, how to view and modify special permissions, and demonstrates using NTFS DACLs for custom permission scenarios.

Simple vs. Special Permissions

  • Simple permissions are groups of specific, detailed permissions called special permissions.
  • Setting the "Read" simple permission enables multiple special permissions: list folder/read data, read attributes, read extended attributes, read permissions, and synchronize.
  • Simple permissions are sufficient in most cases but lack fine-grained control.

Viewing and Modifying Special Permissions

  • Special permissions can be viewed in the GUI under the Advanced permissions settings for a file or folder.
  • Special permissions allow detailed customization beyond the basic read, write, and modify options.
  • In the command-line interface (CLI), the icacls command displays special permissions for files and folders.

Example: Customizing Permissions for Shared Folders

  • The C:\Windows\Temp directory is used for temporary files accessible by all users on the system.
  • Granting "Modify" or "Full Control" would let users delete others’ files, which is not desired.
  • Instead, assign users only the special permissions to create files/write data (WD), create folders/append data (AD), and synchronize (S), but not delete.
  • The IO (inherit only) flag marks a permission entry that is inherited by subfolders but not applied to the directory itself.
  • "Creator Owner" is a special user representing the owner of a file; owners have full control over their own files and folders.
  • When a user creates a file or folder, they are assigned full control, and inherited DACLs apply.
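
To make the icacls notation above easier to read, here is an added example (not part of the original lecture) that decodes icacls-style entries and reports any broad group holding a delete-capable right on a shared folder. The sample DACLs are constructed to mirror the description above, the function names are hypothetical, and the input is assumed to be entry strings with the leading path already stripped.

```python
import re

# Subset of icacls abbreviations: simple rights first, then special rights.
RIGHTS = {"F": "full control", "M": "modify", "RX": "read and execute",
          "R": "read", "W": "write", "D": "delete", "DE": "delete",
          "DC": "delete child", "S": "synchronize", "X": "execute/traverse",
          "RD": "read data/list folder", "WD": "write data/create files",
          "AD": "append data/create folders"}
FLAGS = {"OI": "object inherit", "CI": "container inherit",
         "IO": "inherit only", "NP": "no propagate", "I": "inherited"}
DELETE_CAPABLE = {"F", "M", "D", "DE", "DC"}
BROAD = {"BUILTIN\\Users", "Everyone", "NT AUTHORITY\\Authenticated Users"}

def parse_ace(line):
    """Split 'PRINCIPAL:(flag)...(rights)' into principal, flags and rights."""
    principal, rest = line.strip().split(":(", 1)
    groups = re.findall(r"\(([^)]+)\)", "(" + rest)
    flags = [g for g in groups[:-1] if g in FLAGS]
    rights = groups[-1].split(",")          # last group holds the rights
    return {"principal": principal, "flags": flags, "rights": rights,
            "applies_here": "IO" not in flags,
            "can_delete": bool(DELETE_CAPABLE & set(rights))}

def describe(ace):
    """Spell out the abbreviations the way the Advanced GUI tab names them."""
    names = [RIGHTS.get(r, r) for r in ace["rights"]]
    scope = "this folder" if ace["applies_here"] else "children only"
    return f'{ace["principal"]}: {", ".join(names)} ({scope})'

def broad_delete_findings(lines):
    """Return broad principals whose entry would let them delete others' files."""
    aces = [parse_ace(l) for l in lines if ":(" in l]
    return [a["principal"] for a in aces
            if a["principal"] in BROAD and a["can_delete"]]

# Constructed sample modelled on the shared-folder DACL described above.
SHARED_OK = ["BUILTIN\\Users:(CI)(S,WD,AD)",
             "CREATOR OWNER:(OI)(CI)(IO)(F)",
             "BUILTIN\\Administrators:(OI)(CI)(F)"]
# Constructed variant that grants Modify to all users.
SHARED_BAD = ["BUILTIN\\Users:(OI)(CI)(M)", "CREATOR OWNER:(OI)(CI)(IO)(F)"]

if __name__ == "__main__":
    for line in SHARED_OK:
        print(describe(parse_ace(line)))
    print("findings:", broad_delete_findings(SHARED_BAD))
```

The Creator Owner entry is not reported because it is inherit only and is not a broad group; the Modify grant to Users is reported because Modify includes delete.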

Key Terms & Definitions

  • Simple permissions — Predefined sets of permissions like Read or Write that combine several special permissions.
  • Special permissions — Fine-grained, detailed permissions (e.g., read attributes, create files) for NTFS objects.
  • DACL (Discretionary Access Control List) — List defining which users or groups have what permissions to resources.
  • ICACLS — Command-line utility to view and set file and folder permissions in Windows.
  • IO (Inherit Only) — Flag indicating a permission is inherited by subfolders, not applied to the current folder.
  • Creator Owner — Special identity assigned full control over files or folders they create.

Action Items / Next Steps

  • Practice viewing and modifying special permissions using the GUI Advanced tab and the icacls command.
  • Experiment with permission assignment in a shared directory, testing the effects of DACL and Creator Owner settings.
  • Review NTFS permissions and flags for further study.