Monday, December 12, 2011


Securing Access to Files and Folders On Windows | Understanding NTFS Permissions

NTFS permissions control access to NTFS files and folders. This is based on the technology that was originally developed for Windows NT. Ultimately, the person who owns an object has complete control over the object. You configure access by allowing or denying NTFS permissions to users and groups.

On NTFS partitions, you can specify the access each user has to specific folders or files on the partition based on the user's logon name and group associations. Access control consists of rights and permissions. A right (also referred to as a privilege) is an authorization to perform a specific action.

To understand the difference between the FAT and NTFS file systems, see: FAT And NTFS File.

Permissions are authorizations to perform specific operations on specific objects. The owner of an object or any user who has the necessary rights to modify permissions can apply permissions to NTFS objects. If permissions are not explicitly granted within NTFS, then they are implicitly denied. Permissions can also be explicitly denied, which then overrides explicitly granted permissions.

The following sections describe design goals for access control as well as how to apply NTFS permissions and some techniques for optimizing local access. Let's take a look at design goals for setting up security.

Design Goals for Access Control

Before you start applying NTFS permissions to resources, you should develop design goals for access control as a part of your overall security strategy. Basic security strategy suggests that you provide each user and group with the minimum level of permissions needed for job functionality. Some of the considerations when planning access control include the following:

  • Defining the resources that are included within your network — in this case, the files and folders residing on the file system
  • Defining which resources will put your organization at risk, including the risk of damage if each resource were compromised
  • Developing security strategies that address possible threats and minimize security risks
  • Defining groups of users who have common access requirements, and applying permissions to those groups as opposed to individual users
  • Applying additional security settings through Group Policy if your Windows 7 clients are part of an Active Directory network
  • Using additional security features, such as Encrypting File System (EFS), to provide additional levels of security, or file auditing to track access to critical files and folders

After you have decided what your design goals are, you can start applying your NTFS permissions.

Normally, NTFS permissions are cumulative across group memberships when the user has been allowed access. This means that the user gets the highest level of permissions granted by any of the groups they belong to. However, if the user has been denied access through their user account or a group membership, the denied permissions override the allowed permissions. To learn more about setting NTFS permissions in Windows, follow this link: Setting NTFS Permissions.
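The rules described above (allows accumulate across groups, an explicit deny overrides them, and anything not granted is implicitly denied) can be modelled in a few lines. This is an added example, not code from the original post; the `Right` flags are simplified stand-ins rather than real NTFS access-mask bits, the group names and ACL are constructed, and inheritance ordering is not modelled.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    """Simplified stand-ins for NTFS rights (not the real access-mask bits)."""
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()
    DELETE = auto()
    CHANGE_PERMISSIONS = auto()
    MODIFY = READ | WRITE | EXECUTE | DELETE
    FULL_CONTROL = MODIFY | CHANGE_PERMISSIONS


@dataclass(frozen=True)
class Ace:
    principal: str   # user or group name the entry applies to
    allow: bool      # True = Allow entry, False = Deny entry
    rights: Right


def effective_rights(user, groups, acl):
    """Union of every Allow that applies, minus every Deny that applies."""
    principals = {user, *groups}
    allowed = denied = Right.NONE
    for ace in acl:
        if ace.principal not in principals:
            continue                # entry is for someone else
        if ace.allow:
            allowed |= ace.rights   # cumulative across group memberships
        else:
            denied |= ace.rights    # explicit deny
    return allowed & ~denied        # deny overrides allow


def can(user, groups, acl, wanted):
    """True only if every wanted right survives; no matching entry = implicit deny."""
    return (effective_rights(user, groups, acl) & wanted) == wanted


# Constructed ACL for a hypothetical folder (all names are illustrative)
SAMPLE_ACL = [
    Ace("Staff", True, Right.READ | Right.EXECUTE),
    Ace("Finance", True, Right.MODIFY),
    Ace("Contractors", False, Right.WRITE | Right.DELETE),
]
```

A user in Staff and Finance ends up with Modify; adding that same user to Contractors strips Write and Delete even though Finance still allows them, which is why a deny entry on a broad group needs care.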


About bench3 -

Haja Peer Mohamed H, Software Engineer by profession, Author, Founder and CEO of "bench3". You can connect with me on Twitter, Facebook and also on Google+.