Interaction of File and Folder Security on NTFS Volumes

Article ID: 161275 - View products that this article applies to.
This article was previously published under Q161275
Expand all | Collapse all

SUMMARY

After you set permissions on specific files, users and groups sometimes have more rights to the files than expected. This is because NTFS security applies both at the file level and at the folder level. NTFS permissions granted at both levels are cumulative.

For example, you have a folder called Reports and you grant the group Sales full control, and the group Marketing read access to the folder. You then put a file called README into the folder, and explicitly set the rights to the Everyone group as Read. Members of the Marketing group will be able to read, but not delete the file README. Members of the Sales group however, will be able to both read and delete the file, because they have the full control right at the folder level. To prevent the file from being deleted by either group you would need to change the Sales group access at the folder level.

MORE INFORMATION

For additional information on this subject see:
  • "Windows NT Workstation Resource Kit," Chapter 18, section titled "Controlling Access to Files and Folders"
  • Windows NT Server "Concepts and Planning Guide," Chapter 5.

Properties

Article ID: 161275 - Last Review: November 1, 2006 - Revision: 2.1
APPLIES TO
  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Workstation 3.1
  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
Keywords: 
kbusage KB161275
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top