Windows NTFS permissions are required when you run Word on any NTFS partition that has Windows 2000, Windows XP Professional, Windows Server 2003, or Windows Vista installed

Article translations Article translations
Article ID: 277867 - View products that this article applies to.
This article was previously published under Q277867
Expand all | Collapse all

On This Page

SUMMARY

This article describes the Microsoft Windows NTFS file system permissions that are required when you perform specific Microsoft Word operations on any NTFS partition that has one of the following Microsoft Windows operating systems installed:
  • Windows 2000
  • Windows XP Professional
  • Windows Server 2003
  • Windows Vista

MORE INFORMATION

Description of File System Folder and File Permissions

Windows enforces security at every folder level. On a computer that is running Windows, if a user has no permissions for a high-level folder, the user cannot access that folder or view its contents.

Folder permissions control general access to a folder, its files, and its subfolders. When granted at the folder level, the permissions apply to all the files and subdirectories in that folder, unless the permissions are redefined at the file or subfolder level.

The following six folder permissions can be granted at the folder level on a Windows file system.

Folder permission Explanation
List Folder Contents User can only list the files and subdirectories in this folder. User cannot open any files created in this folder.
Read User can read the contents of files in this folder.
Read & Execute User can read the contents of files in this folder and also execute files in this folder.
Modify User can read, write, execute, create, and delete files in this folder.
Write User can read, write, and create files or folders in this folder.
Full Control User can read and change files, add new ones, change permissions for the folder and its files, and take ownership of the folder and its files.


The following table shows the logical group of special permissions associated with folder permissions.

Special permission Full Control Modify Read & Execute List Folder Contents Read Write
Traverse Folder/Execute File x x x x    
List Folder/Read Data x x x x x  
Read Attributes x x x x x  
Read Extended Attributes x x x x x  
Create Files/Write Data x x       x
Create Folders/Append Data x x       x
Write Attributes x x       x
Write Extended Attributes x x       x
Delete Subfolders and Files x          
Delete x x        
Read Permissions x x x x x x
Change Permissions x          
Take Ownership x          
Synchronize x x x x x x


File permissions control access to specific files in a folder. They are used to redefine the permissions that users inherit from folder permissions.

The following permissions can be granted at the file level on a Windows file system.

File permission Description
Read & Execute User can read the contents of a file or execute a file.
Read User can read the content of the file.
Modify User can read, write, delete, and create a file.
Write User can write to files.
Full Control (All) User can read and change the file, add new ones, change permissions for the file, and take ownership of the file.


The following table shows the logical group of special permissions associated with the file permissions.

Special permission Full Control Modify Read & Execute Read Write
Traverse Folder/Execute File x x x    
List Folder/Read Data x x x x  
Read Attributes x x x x  
Read Extended Attributes x x x x  
Create Files/Write Data x x     x
Create Folders/Append Data x x     x
Write Attributes x x     x
Write Extended Attributes x x     x
Delete Subfolders and Files x        
Delete x x      
Read Permissions x x x x x
Change Permissions x        
Take Ownership x        
Synchronize x x x x x

Description of Special Permissions for Files and Folders

You can set any or all of the following special permissions on files and folders.

Special permission Description
Traverse Folder/Execute File Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders (applies to folders only). Traverse Folder takes effect only when the group or user is not granted the Bypass Traverse Checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass Traverse Checking user right.)

Execute File allows or denies running program files (applies to files only).

NOTE: Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.
List Folder/Read Data List Folder allows or denies viewing file names and subfolder names within the folder (applies to folders only). Read Data allows or denies viewing data in files (applies to files only).
Read Attributes Allows or denies viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by NTFS file system.
Read Extended Attributes Allows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.
Create Files/Write Data Create Files allows or denies creating files within the folder (applies to folders only).

Write Data allows or denies making changes to the file and overwriting existing content (applies to files only).
Create Folders/Append Data Create Folders allows or denies creating folders within the folder (applies to folders only).

Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data (applies to files only).
Write Attributes Allows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS.
Write Extended Attributes Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.
Delete Subfolders and Files Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file.
Delete Allows or denies deleting the file or folder. If you do not have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder.
Read Permissions Allows or denies reading permissions of the file or folder, such as Full Control, Read, and Write.
Change Permissions Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write.
Take Ownership Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.
Synchronize Allows or denies different threads permission to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multithreaded, multiprocess programs.

NTFS Permissions Required to Only Read Documents

READ, OR READ & EXECUTE
The following is a list of folders where users need only Read or Read & Execute permissions to run Word (they only need to be able to read from these folders):
  • Server location of Word program folder tree (Administrative installation)
  • Server location of shared Microsoft applications (MSAPPS) folder tree (Administrative installation)
  • Windows program folder, if running shared Windows
  • Any server directories where you store graphics or other source files for links that you do not want users to be able to modify in Word
NOTE: In addition, you need to apply Read-Only and Shareable flags to all the files in these locations. Usually, the Windows network administrator sets this sequence of permissions and attributes after performing the server installation of Windows or a program.

NTFS Permissions Required to Create or Modify Documents

MODIFY OR FULL CONTROL
The following is a list of folders where users need these permissions to run Word:
  • The workstation's Word program folder tree, if it is located on the server
  • Temporary folder, if it is located on the server
  • Any server folders where the user stores documents
  • Any server folders where source files for links are located that the user needs to modify (for example, Microsoft Excel worksheets or charts)
NOTE: The minimum permission setting needed in order to open, edit, and save a document within a Windows folder is Modify.

Symptoms of Missing NTFS Permissions

Permission Symptom
Write and List Folder contents The error message "Word cannot open the document" appears when you try to open a file.
Read, Write These permissions allow you to open a document, but when you close the document, the temp files associated with this document are not deleted. Also you cannot save the document, because the temp files cannot be modified or deleted.

Properties

Article ID: 277867 - Last Review: April 20, 2007 - Revision: 2.1
APPLIES TO
  • Microsoft Office Word 2007
  • Microsoft Office Word 2003
  • Microsoft Word 2002 Standard Edition
  • Microsoft Word 2000 Standard Edition
Keywords: 
kbexpertisebeginner kbinfo KB277867

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com