NTFS special permissions (Windows 2000)

Definition of NTFS special permissions (Windows 2000) in The Network Encyclopedia.

Sponsor: Geeky T-Shirt: No, I Will Not Fix Your Computer (Amazon)

What is NTFS special permissions (Windows 2000)?

Individual permissions granted or denied when NTFS file system standard permissions are not sufficiently granular for specific security purposes. The special permissions available depend on whether you are securing files or folders. In both cases, 14 special permissions are available; 10 of these are common to the two scenarios. The following tables list the various NTFS special permissions available in Microsoft Windows 2000.

NTFS Special Permissions for Both Files and Folders in Windows 2000

Special Permission User Access Granted
read attributes
View the attributes (including read-only, hidden, system, and archive) of the file or folder
read extended attributes
View custom attributes that can be defined by certain applications for the file or folder
write attributes
Modify the attributes of the file or folder
write extended attributes
Modify custom attributes that can be defined by certain applications for the file or folder
delete subfolders and files
Delete subfolders or files
delete
Delete the file or folder; however, even if this permission is denied on a file, you can delete it if its parent folder has been granted delete subfolders and files permission
read permissions
View the permissions on the file or folder
change permissions
Modify the permissions on the file or folder
take ownership
Take ownership of the file or folder
synchronize
Lets threads in multithreaded programs wait on the file or folder handle and synchronize with another thread that signals it

NTFS Special Permissions Only for Files in Windows 2000

Special Permission User Access Granted
execute file
Execute the file
read data
Read the file
write data
Modify the file
append data
Append to the file (but not modify existing data)

NTFS Special Permissions for Folders in Windows 2000

Special Permission User Access Granted
traverse folder
Drill down to other files and folders in the folder even if you have no permissions on intermediate subfolders
list folder
View the names of subfolders and files in the folder
create files
Create files in the folder
create folders
Create subfolders within the folder

How It Works

You can grant or deny special permissions by using the Advanced button on the Security tab of a file’s or folder’s property sheet. You can select different combinations of special permissions to create custom sets of permissions for special purposes. In most cases, however, it is simplest to use NTFS standard permissions for securing files and folders. If you use special permissions, Windows 2000 gives you a lot of flexibility in how you can apply them, especially if you are applying them to a folder. For example, you can apply a custom set of special permissions to

  • The selected folder only
  • The selected folder, its subfolders, and files
  • The selected folder and its subfolders only
  • The selected folder and its files only
  • Subfolders and files of the selected folder but not the folder itself
  • Subfolders of the selected folder but not the folder itself
  • Files in the selected folder but not the folder itself

To use special permissions you must be the object’s owner, have full control of the object, or be a member of the Administrators group.

NOTE

There are significant differences between NTFS special permissions for Windows 2000 and for Windows NT. The most obvious difference is that in Windows 2000 you can assign any of 14 special permissions, but in Windows NT you have 6 special permissions to choose from: read (R), write (W), execute (X), delete (D), change permission (P), and take ownership (O). The reason for this difference is that in Windows NT much of the machinery of NTFS is hidden from the user interface, while in Windows 2000 this machinery is exposed in the user interface.

See also