NTFS File and Folder Permissions

They’re one of the most dreaded and tedious but necessary tasks of system administration. However, file- and folder-level permissions are significant in terms of protecting data from unauthorized use on your network. If you have ever worked with Unix permissions, you know how difficult they are to understand and set: complex CHMOD-based commands, with numbers that represent bits of permission signatures—it’s so easy to get lost in the confusion. Windows Server 2003, on the other hand, provides a remarkably robust and complete set of permissions, more so than any common Unix or Linux variety available today. It’s also true that no one would argue how much easier it is to set permissions in Windows than to set them in any other operating system. That’s not to say, however, that Windows permissions are a cinch to grasp; there’s quite a bit to them.

Standard and Special Permissions

Windows supports two different views of permissions: standard and special. Standard permissions are often sufficient to be applied to files and folders on a disk, whereas special permissions break standard permissions down into finer combinations and enable more control over who is allowed to do what functions to files and folders (called objects) on a disk. Coupled with Active Directory groups, Windows Server 2003 permissions are particularly powerful for dynamic management of access to resources by people other than the system administrator—for example, in the case ...

Get Learning Windows Server 2003 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.