The meeting provided a detailed review of NTFS file and folder permissions for Windows 7 and Windows Server 2008 R2.
The team discussed how different sets of permissions relate to specific user actions and inheritance behaviors.
Important distinctions in permission inheritance and group membership impacts were highlighted.
No major decisions were made, but the session clarified current technical configurations.
Action Items
None
File and Folder Permissions Overview
NTFS permissions are classified into several sets (Full Control, Modify, Read & Execute, List Folder Contents, Read, Write), each allowing specific actions on files and folders.
The permissions govern activities such as traversing folders, reading data, creating files, writing data, deleting files, changing permissions, and taking ownership.
A permissions table details what each set allows, such as:
Full Control: permits all actions, including deletion, ownership changes, and changing permissions.
Modify: excludes some actions available to Full Control, such as changing permissions and taking ownership.
Read & Execute, List Folder Contents, Read, and Write have progressively fewer allowed actions.
Special Permission Behaviors and Inheritance
“List Folder Contents” and “Read & Execute” have the same underlying special permissions but differ in inheritance:
List Folder Contents is inherited by folders only.
Read & Execute is inherited by both files and folders.
This means permission views and effective rights may appear differently between folders and files.
Group Membership Implications
In this Windows version, the “Everyone” group does not include “Anonymous Logon” by default.
As a result, permissions set for “Everyone” do not apply to anonymous users unless explicitly configured.