Thursday, May 3, 2012

NTFS Security


NTFS permissions can be used to secure files and folders on an NTFS partition. Unlike share permissions, NTFS permissions can be assigned to individual files as well as folders. Permissions can be assigned to individual users or groups of users. NTFS permissions apply to the local machine as well as the network.
NTFS Folder Permissions
Read – Allows a user to see the files and subfolders in a folder, and to view folder properties.
Write – Allows a user to create new files and folders within the folder, change folder attributes and view folder properties.
List Folder Contents – Allows a user to view the contents of the folder.
Read and Execute – Allows a user to read the contents of a folder and Traverse Folders.
Modify – Allows a user to delete and modify the contents of a folder, and enables Read/Execute and Write permissions.
Full Control – Allows a user to modify permissions and to take ownership.

NTFS File Permissions

Read – Allows a user to read a file and view its properties.
Write – Allows a user to overwrite a file, change attributes, and view ownership and permissions.
Read and Execute – Allows a user the right to run applications and read a file.
Modify – Allows a user to modify and delete a file and also allows Read/Execute and Write Permissions.
Full Control – Gives the user full-control over a file, allowing the user to modify permissions and take ownership.

Permission Inheritance

By default all files and folders inherit permissions from their parent. If Read Permission is allowed to the parent folder, all child files and folders below it will also be given Read Permission. This is known as Permission Inheritance.
Windows also allows you to block Permission Inheritance, and assign permissions to files and folders individually.

Taking Ownership

Every file and folder created has an owner. This owner is called the creator owner. The owner of an object can deny access to other users, including the Administrator. Fortunately, the administrator can take ownership of any file or folder on the computer and regain access.
To configure folder permissions right-click on the relevant folder.
Select Properties.
Select Security.
The Access Control List (ACL) for the folder is displayed. Click on Add to add a new user to the list.
Type in the name of the user, e.g. Pauline Potter.
Click on OK to continue.
The user Pauline Potter has been added to the ACL and has been given the Read & Execute and List Folder Contents permissions.
As well as securing folders, NTFS can also secure individual files. Right-click on the file to configure file permissions.
Select Properties.
Select the Security Tab.
Notice that this file has inherited all the permissions of its parent. Highlight the user Pauline Potter.
…and select the Deny Full Control Permission. N.B. Similar to share permissions, the Deny permission will always take precedence.
Pauline Potter has now been denied access to the file. Click on Advanced to view the advanced options for this file.
The Permissions tab allows you to fine-tune permissions. To view the special permissions available for this file click on Add.
…and specify a user.
Click on OK.
A list of permissions is shown, which allows an administrator to fine-tune access to the file or folder.
The Owner tab displays the owner of the file. Users with the right to take ownership can take control of the file from here.
The Effective Permissions page can be used to determine what level of access a user or group will have to this file.
For example, the user Pauline Potter has no access to the file, even though she has Read and Execute permission to the parent folder.
The user will receive an error message when attempting to open the file.

Copying and Moving Files on the same Partition.

The following rules should be remembered when moving or copying files and folders. A new file or folder automatically inherits permissions from its parent. When moving a file on the same NTFS partition, the file will keep its original permissions, no matter where it is placed. When copying a file on the same NTFS partition, a new version of the file is made, so it will inherit the permissions of its parent.

Moving files between folders within an NTFS partition

When moving a file from one folder to another, the file keeps its original permissions. This is because no new resource is made; it is merely moved.

Copying Files Between Folders

When copying a file from one folder to another, the file inherits the permissions of its parent. This is because you are making a new version of the file.
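
An added example, not part of the original post: a PowerShell script that exercises the same-partition copy and move rules above by putting an explicit Deny entry on a file, then copying and moving it into a second folder on the same volume. The scratch path under $env:TEMP, the file names, the helper Test-ExplicitDeny and the use of BUILTIN\Guests (well-known SID S-1-5-32-546) as the denied group are assumptions chosen for the demonstration.

```powershell
# Added example; paths, file names and the helper name are assumptions for this demo.
$root = Join-Path $env:TEMP 'ntfs-acl-demo'
$src  = Join-Path $root 'Source'
$dst  = Join-Path $root 'Dest'
New-Item -ItemType Directory -Path $src, $dst -Force | Out-Null

$file = Join-Path $src 'report.txt'
Set-Content -Path $file -Value 'constructed sample data'

# Add an explicit Deny Full Control entry for BUILTIN\Guests, addressed by its
# well-known SID so the script does not depend on localized group names.
$guestsSid = 'S-1-5-32-546'
$identity  = [System.Security.Principal.SecurityIdentifier]$guestsSid
$denyRule  = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $identity, 'FullControl', 'Deny'
$acl = Get-Acl -Path $file
$acl.AddAccessRule($denyRule)
Set-Acl -Path $file -AclObject $acl

# Return $true if the file carries an explicit (non-inherited) Deny entry for the SID.
function Test-ExplicitDeny([string]$Path, [string]$Sid) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # includeExplicit = $true, includeInherited = $false
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $false, $sidType)
    [bool]($rules | Where-Object {
        $_.IdentityReference.Value -eq $Sid -and $_.AccessControlType -eq 'Deny' })
}

# Copy first (creates a new file), then move the original (same volume, no new file).
Copy-Item -Path $file -Destination (Join-Path $dst 'copied.txt')
Move-Item -Path $file -Destination (Join-Path $dst 'moved.txt')

foreach ($name in 'copied.txt', 'moved.txt') {
    [pscustomobject]@{
        File             = $name
        ExplicitDenyKept = Test-ExplicitDeny (Join-Path $dst $name) $guestsSid
    }
}

# Remove the scratch folders when done.
Remove-Item -Path $root -Recurse -Force
```

The rules above predict that moved.txt keeps the explicit Deny entry while copied.txt carries only what it inherits from the Dest folder.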

Copying and Moving Files and Folders to another partition.

When copying or moving files and folders to another NTFS partition, a new resource is created, therefore the file/folder will inherit permissions from its parent.
When copying or moving files and folders to a non-NTFS partition, the file/folder will lose all of its attributes.
