NTFS Explicit and Inherited Permissions

NTFS allows permissions to be either configured on each file or folder or inherited from a parent folder. This video will look at both ways of configuring permissions and how the administrator can use them effectively to achieve the result that they require.

Show lesson content
Explicit and inherited
Explicit permissions are created when the object is first created. For example, if a hard disk is first formatted, permissions must be assigned to the root folder in order for the user to access data on the drive. Otherwise, explicit permissions can be created on an object manually at any time.

Inherited permissions are permissions that are inherited from the parent. The advantage of this is that if the permissions assigned to the parent change, the object or objects inheriting the permissions will also change.

Explicit and inherited Example
hen a hard disk is first formatted, explicit permissions will be assigned to the root folder. It is not possible to use inherited permissions because there is no folder above the root folder in which permissions can be inherited from. In this example, everyone has been given read & execute permission to the root folder. Also the administrators have been given full control. When the folder c:\Users is created, it will inherit the permissions from the folder above it which is c:\. So essentially the folder c:\users has the same permissions as the root folder. When the sub folder Joe is created, the explicit permission modify for the user Joe is added. This gives the user Joe the ability to read, write and delete files and folders in the folder c:\Users\Joe. If Joe were to create a sub folder called c:\Users\Joe\Docs this folder would inherit the permissions from the folder above and thus Joe would have the ability to read, write and delete files and folders in that sub folder.

1) To create a folder structure like the one in the example, open Windows Explorer, open a drive, in this case D, right click on the white space and select folder under the new menu.

2) When the folder is created it should be selected allowing the name of the folder to be changed to Users

3) Open the folder and right click on the white space. Select the option Folder under new and rename the folder to Joe.

4) In order for Joe to read, write and delete to files and folders in this folder, he needs to be given additional access. To change the security of the folder, right click the folder and select the option properties.

5) From properties select the tab security and then press the edit button.

6) Press the add button and then enter in the username of Joe. Once Joe has been added, tick the option for modify.

7) Open the folder Joe and then create a folder called Docs.

8) Right click on the Docs folder, select properties and then select the security tab. This should show that the permissions have been inherited from the parent folder. Inherited permissions appear as gray ticks and explicit permissions have black ticks.

9) There are some cases you may need inherited permissions that need to be changed. To do this, open the properties of the file or folder, select the security tab and press the advanced button. On the advanced settings screen press the button at the bottom of the screen “Disable inheritance”. A dialog will be presented asking if you want to convert the existing permissions or remove all permission from the object. If you convert the permissions, this essentially copies the permissions being applied. If you remove the permission, all permissions will be removed and you will need to configure them from scratch.

10) To remove a permissions, press the edit button. Select the permission that you want to remove and then press the remove button.

“Windows 101: Know the basics about NTFS permissions” http://www.techrepublic.com/article/windows-101-know-the-basics-about-ntfs-permissions/


Lesson tags: 70-410-windows-server
Back to: 70-410 Installing and Configuring Windows Server 2012 > Windows File and Share Access

Installing and Configuring Windows Server 2012