This article was previously published under Q161275
After you set permissions on specific files, users and groups sometimeshave more rights to the files than expected. This is because NTFS securityapplies both at the file level and at the folder level. NTFS permissionsgranted at both levels are cumulative.
For example, you have a folder called Reports and you grant the groupSales full control, and the group Marketing read access to the folder.You then put a file called README into the folder, and explicitly set therights to the Everyone group as Read. Members of the Marketing groupwill be able to read, but not delete the file README. Members of theSales group however, will be able to both read and delete the file,because they have the full control right at the folder level. To preventthe file from being deleted by either group you would need to change theSales group access at the folder level.
For additional information on this subject see:
"Windows NT Workstation Resource Kit," Chapter 18, section titled "Controlling Access to Files and Folders"
Windows NT Server "Concepts and Planning Guide," Chapter 5.