Securing Folders And Files In Vista Part VI

Setting folder and file permissions gives you some network security, but it doesn’t secure your PC desktop. When you use the NT file system (NTFS) in Vista, however, you can set file permissions at the local PC level. That means that a user sitting down at a PC, not just a user accessing the resource across a network, is bound by NTFS permissions.

NTFS permissions, which can be set only on drives partitioned with NTFS, can be assigned to drives and folders, just like sharing permissions, but they also can be assigned to individual files. Unlike sharing permissions, in which the default setting for a resource is Not Shared, NTFS permissions are set to allow access by default.

NTFS offers many more types of permission than the sharing permissions discussed in the previous section. For folders, you can assign these permissions:

  • List Folder Contents: View a folder’s contents
  • Read: View a folder’s contents, open files, and view file and folder attributes
  • Read & Execute: Same as Read, plus the ability to move through folders to reach other folders, even if no permission is granted for those folders
  • Write: Same as Read, plus the ability to create and edit subfolders and change attributes
  • Modify: Combination of Read & Execute and Write, plus the ability to delete the folder
  • Full Control: Same as Modify, plus the ability to change permissions, take ownership, and delete subfolders and files
  • Special Permissions: Allows you to customize permissions on folders by selecting the individual components of the standard sets of permissions

The list of permissions for individual files is the same, except for the List Folder Contents permission. For files, you can assign these permissions:

  • Read: Open the file and view its attributes, ownership, and permissions
  • Read & Execute: Same as Read, plus the ability to run applications
  • Write: Same as Read, plus the ability to change file content and attributes
  • Modify: Same as Write and Read & Execute combined, plus the ability to delete the file
  • Full Control: Same as Modify, plus the ability to change permissions and take ownership
  • Special Permissions: Allows you to customize permissions on files by selecting the individual components of the standard sets of permissions

Just like sharing permissions, NTFS permissions can be set to Allow with the Allow check box. Permissions are cumulative and can be inherited from parent folders or drives. NTFS permissions can also be set to Deny, but you should use Deny sparingly because it overrides more lenient permissions. For example, if you set Read access for a folder to Deny and the drive on which the folder resides allows Full Control, everything on that drive will have Full Control access except for that folder, which will have no access at all.

To set NTFS permissions, use the Security tab on the Properties page for a folder or file.
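The Deny-overrides-Allow case described above can also be reproduced and inspected from PowerShell rather than the Security tab. This is an added example, not part of the original article; the scratch folder under the user's TEMP directory and the BUILTIN\Guests group are assumptions, chosen so the test does not lock out the account running it.

```powershell
# Added example (not from the original article).
# Assumptions: TEMP is on an NTFS volume; the 'ntfs-demo' folder name and
# the BUILTIN\Guests principal are illustrative choices.
$parent = Join-Path $env:TEMP 'ntfs-demo'
$child  = Join-Path $parent 'restricted'
New-Item -ItemType Directory -Path $child -Force | Out-Null

$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'
# Apply each entry to the folder itself, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None

# 1. Parent folder: Allow Full Control, inherited by everything below it.
$acl   = Get-Acl -Path $parent
$allow = New-Object $ruleType -ArgumentList 'BUILTIN\Guests', 'FullControl', $inherit, $noProp, 'Allow'
$acl.AddAccessRule($allow)
Set-Acl -Path $parent -AclObject $acl

# 2. Child folder: explicit Deny Read for the same group.
$acl  = Get-Acl -Path $child
$deny = New-Object $ruleType -ArgumentList 'BUILTIN\Guests', 'Read', $inherit, $noProp, 'Deny'
$acl.AddAccessRule($deny)
Set-Acl -Path $child -AclObject $acl

# 3. Inspect the child's entries. The explicit Deny (IsInherited = False)
#    is stored ahead of the Allow inherited from the parent, so it is
#    evaluated first and the inherited Allow never grants Read here.
(Get-Acl -Path $child).Access |
    Where-Object { $_.IdentityReference -eq 'BUILTIN\Guests' } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

# 4. Audit step: list every Deny entry under the parent, since Deny
#    entries are the ones that silently override broader Allow grants.
Get-ChildItem -Path $parent -Recurse | ForEach-Object {
    $path = $_.FullName
    (Get-Acl -Path $path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        Select-Object @{ n = 'Path'; e = { $path } }, IdentityReference, FileSystemRights, IsInherited
}

# 5. Clean up the scratch folders.
Remove-Item -Path $parent -Recurse -Force
```

Pointing the step 4 loop at a real data folder gives a quick inventory of Deny entries to review, in line with the advice to use Deny sparingly.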


  • Paulo Silva

    Well, since Vista and Windows 7 are becoming even more outdated nowadays (and scaring the users from their earlier versions), it would be interesting to see Diana Huggins' articles about Linux instead of Windows Vista – everybody is saying Linux is the future, and who am I to doubt it…

  • JD Hendrex

    Not to M$ bash, but I believe it is inevitable that Linux will assume the lead on the desktop. I believe Linux already has the lead on servers. I personally want end to end native connectivity; from cellphone, to internet, to web site, to zaurus, to desktop, to server. I just about have that now. I can legally work on any part of it I want, including change it if I am capable of it. (Sometimes I am.)
    Just having a system that just works (sometimes even with a bug) is worth a lot in stress-not-experienced. I used to hold my breath when booting M$, as I did not know from one boot to the next if it would go or not … STRESSFUL!!
    FREE! Free as in beer and free as in political liberty.
    Unmatched user community.
    Unmatched Beta testing.
    I could go on a while yet but you get the picture. I found a better mousetrap and I have adopted it!

    I suspect the marketing people @ M$ were grossly underpaid. They did a masterful job.