Overview
This lecture introduces file permissions in Windows, focusing on access control lists (ACLs), their types, and how permissions are managed and viewed.
File Permissions and Security
- File permissions restrict access to files and directories to specific users or groups.
- Permission concepts in computing are similar to granting access in real life, like sharing a house key.
- Assigning proper permissions is crucial for maintaining computer security.
Types of Access Control Lists (ACLs)
- Windows uses access control lists (ACLs) to manage file and directory permissions.
- Discretionary Access Control Lists (DACLs) specify who can access a file and what actions they can perform.
- System Access Control Lists (SACLs) log access events for files or folders for auditing purposes.
- Every file or folder has an owner and one or more associated DACLs.
Permissions in Windows
- Right-clicking a file/folder and selecting Properties > Security shows users, groups, and their permissions.
- Each user or group listed has a set of assigned permissions.
Common File and Directory Permissions
- Read: Allows viewing or reading the file's contents or directory's list of files.
- Read and Execute: Combines read permission with the ability to run executable files.
- List Folder Contents: Lets users view and execute files within a directory (alias for Read and Execute on a folder).
- Write: Allows changes to a file, creation of subdirectories, and writing files within a directory (even without read access).
- Modify: Grants rights to read, write, and execute; an umbrella permission.
- Full Control: Allows any action, including taking ownership and editing ACLs.
Viewing and Managing Permissions with iCACLS
- The iCACLS utility lets users view and modify ACLs for files and folders.
- Permission codes (e.g., "F" for Full Control) indicate the level of access.
- NTFS permissions can be inherited: OI (Object Inherit) applies an entry to files created within the parent folder, and CI (Container Inherit) applies it to directories created within the parent folder.
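To make the permission codes and inheritance flags concrete, the following added example (not part of the original lecture) parses the text that iCACLS prints for a folder, decodes each entry, and lists broad groups that hold write-capable access. The folder `C:\Shared Data`, its sample output, and the function names are constructed for illustration; codes other than F, OI and CI are standard icacls codes not listed in these notes.

```python
import re

# icacls codes: F, OI and CI are named in the notes; the rest are standard icacls codes.
RIGHTS = {"F": "Full Control", "M": "Modify", "RX": "Read and Execute",
          "R": "Read", "W": "Write"}
INHERIT = {"OI": "Object Inherit", "CI": "Container Inherit", "IO": "Inherit Only",
           "NP": "No Propagate", "I": "Inherited from parent"}
BROAD = {"Everyone", "BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users"}
WRITE_CAPABLE = {"F", "M", "W"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Za-z,]+\))+)$")

def parse_icacls(output, path):
    """Turn the text printed by `icacls <path>` into a list of entry dicts."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):       # the first entry shares a line with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                       # blank line or "Successfully processed ..."
            continue
        tokens = re.findall(r"\(([^)]+)\)", m.group("flags"))
        aces.append({
            "who": m.group("who"),
            "deny": "DENY" in tokens,
            "inherit": [t for t in tokens if t in INHERIT],
            "rights": [r for t in tokens if t not in INHERIT and t != "DENY"
                       for r in t.split(",")],
        })
    return aces

def describe(ace):
    """Spell out one entry's codes in words."""
    rights = ", ".join(RIGHTS.get(r, r) for r in ace["rights"])
    flags = ", ".join(INHERIT[i] for i in ace["inherit"]) or "this object only"
    return f'{ace["who"]}: {"DENY " if ace["deny"] else ""}{rights} [{flags}]'

def broad_write_grants(aces):
    """Allow entries that let a broad group change content; candidates for review."""
    return [a["who"] for a in aces
            if a["who"] in BROAD and not a["deny"] and WRITE_CAPABLE & set(a["rights"])]

# Constructed sample output for a hypothetical folder, C:\Shared Data.
SAMPLE = r"""C:\Shared Data NT AUTHORITY\SYSTEM:(OI)(CI)(F)
               BUILTIN\Administrators:(OI)(CI)(F)
               BUILTIN\Users:(OI)(CI)(RX)
               Everyone:(I)(OI)(CI)(M)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    entries = parse_icacls(SAMPLE, r"C:\Shared Data")
    print("\n".join(describe(a) for a in entries))
    print("Review:", broad_write_grants(entries))
```
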
Key Terms & Definitions
- ACL (Access Control List) — list specifying access rights for users and groups.
- DACL (Discretionary ACL) — defines who has access and their permissions.
- SACL (System ACL) — used for auditing and logging access events.
- iCACLS — Windows utility to view and modify ACLs.
- Object Inherit (OI) — permission inheritance for files.
- Container Inherit (CI) — permission inheritance for directories.
Action Items / Next Steps
- Practice viewing and modifying permissions using the Security tab and iCACLS.
- Review permission codes and inheritance settings.