Setting folder and file permissions gives you some network security, but it doesn’t secure your PC desktop. When you use the NT file system (NTFS) in Vista, however, you can set file permissions at the local PC level. That means that a user sitting down at a PC, not just a user accessing the resource across a network, is bound by NTFS permissions.
NTFS permissions, which can be set only on drives partitioned with NTFS, can be assigned to drives and folders, just like sharing permissions, but they also can be assigned to individual files. Unlike sharing permissions, in which the default setting for a resource is Not Shared, NTFS permissions are set to allow access by default.
NTFS offers many more types of permission than the sharing permissions discussed in the previous section. For folders, you can assign these permissions:
- List Folder Contents: View a folder’s contents
- Read: View a folder’s contents, open files, and view file and folder attributes
- Read & Execute: Same as Read, plus the ability to move through folders to reach other folders, even if no permission is granted for those folders
- Write: Same as Read, plus the ability to create and edit subfolders and change attributes
- Modify: Combination of Read & Execute and Write, plus the ability to delete the folder
- Full Control: Same as Modify, plus the ability to change permissions, take ownership, and delete subfolders and files
Special Permissions: Allows you to customize permissions on folders by selecting the individual components of the standard sets of permissions
The list of permissions for individual files is the same, except for the List Folder Contents permission. For files, you can assign these permissions:
- Read: Open the file and view its attributes, ownership, and permissions
- Read & Execute: Same as Read, plus the ability to run applications
- Write: Same as Read, plus the ability to change file content and attributes
- Modify: Same as Write and Read & Execute combined, plus the ability to delete the file
- Full Control: Same as Modify, plus the ability to change permissions and take ownership
- Special Permissions: Allows you to customize permissions on files by selecting the individual components of the standard sets of permissions
Just like sharing permissions, NTFS permissions can be set to Allow with the Allow check box. Permissions are cumulative and can be inherited from parent folders or drives. NTFS permissions can also be set to Deny, but you should use Deny sparingly because it overrides more lenient permissions. For example, if you set Read access for a folder to Deny and the drive on which the folder resides allows Full Control, everything on that drive will have Full Control access except for that folder, which will have no access at all.
To set NTFS permissions, use the Security tab on the Properties page for a folder or file.