Default NTFS Permissions in Windows 2000

This article was previously published under Q244600
This article has been archived. It is offered "as is" and will no longer be updated.
SUMMARY
This article lists the default permissions on a drive that has been formatted with the NTFS file system for the first time. Some of these folders are hidden by default.
MORE INFORMATION
The default NTFS permissions on common Windows 2000 folders on drive C are listed below. Note that this article assumes that Windows 2000 is installed on drive C. If you installed Windows 2000 on a different drive letter, substitute that drive letter for drive C in the folder locations listed below:

Default NTFS Permissions for Servers Configured as Member Servers:

C:\ (Note: Setup does not change the permissions on %systemdrive% because the Windows 2000 ACL Inheritance model would recursively try to configure all subdirectories of the root. Administrators should configure root directory security according to their own system configurations and requirements.)C:\Program Files and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Users - Read   System - Full Control   Power Users - Change   Terminal Server User - ChangeC:\Documents and Settings   Administrators - Full Control   Power Users - Read   Everyone - Read   Users - Read   System - Full ControlC:\Documents and Settings\Administrator and <subfolders>   Administrator - Full Control   Administrators - Full Control   System - Full ControlC:\Documents and Settings\All Users and <subfolders>   Administrators - Full Control   Power Users - Change   Users - Read   Everyone - Read   System - Full ControlC:\Documents and Settings\Default User and <subfolders>   Administrators - Full Control   Power Users - Read   Users - Read   Everyone - Read   System - Full ControlC:\%SystemRoot%   Administrators- Full Control   Creator/Owner - Full Control   Everyone - Read   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Addins   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Connection Wizard   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Config   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Cursors   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Debug   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Driver Cache   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Driver Cache\I386   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Fonts   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Help   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   Terminal Server User - Special (RWX)   System - Full ControlC:\%SystemRoot%\Inf   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Java and <subfolders>   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Media   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Msagent and subfolders   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Msapps and subfolders   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Mww32 and subfolders   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Registration   Administrators - Full Control   Everyone - Read   System - Full ControlC:\%SystemRoot%\Repair   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Security and <subfolders>   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Read   Users - Read   System - Full ControlC:\%SystemRoot%\Speech   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   Everyone - Read   System - Full ControlC:\%SystemRoot%\System32\CatRoot   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Com    Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Config   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Read   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Dhcp   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Read   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Drivers and <subfolders>   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Read   Users - Read   System - Full ControlC:\%SystemRoot%\System32\DTCLog   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\system32\export   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\GroupPolicy and <subfolders>   Administrators - Full Control   Authenticated Users - Read   System - Full ControlC:\%SystemRoot%\System32\IAS   Administrators - Full Control   Creator/Owner - Full Control   System - Full ControlC:\%SystemRoot%\System32\Inetsrv    Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Mui and <subfolders>   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Npp   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\NtmsData   Administrators - Full Control   System - Full ControlC:\%SystemRoot%\System32\Os2 and <subfolders>   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Ras   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Rocket   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Rpcproxy   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Setup   Everyone - Full Control   C:\%SystemRoot%\System32\ShellExt   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Spool and <subfolders>   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Wbem and <subfolders>   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\System32\Wins   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlC:\%SystemRoot%\Temp   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Special   System - Full ControlC:\%SystemRoot%\twain_32   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full Control C:\%SystemRoot%\Web   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full ControlAny other folders   Administrators- Full Control   Creator/Owner - Full Control   Power Users - Change   Users - Read   System - Full Control				


Default NTFS Permissions for Servers Configured as Domain Controllers:



C:\ (Note: Setup does not change the permissions on %systemdrive% because the Windows 2000 ACL Inheritance model would recursively try to configure all subdirectories of the root. Administrators should configure root directory security according to their own system configurations and requirements.)C:\Program Files and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full Control   C:\Documents and Settings   Administrators - Full Control   Everyone - Read   Users - Read   System - Full ControlC:\Documents and Settings\Administrator and <subfolders>   Administrator - Full Control   Administrators - Full Control   System - Full ControlC:\Documents and Settings\All Users and <subfolders>   Administrators - Full Control   Users - Read   Everyone - Read   System - Full ControlC:\Documents and Settings\Default User and <subfolders>   Administrators - Full Control   Users - Read   Everyone - Read   System - Full ControlC:\%SystemRoot%   Administrators- Full Control   Creator/Owner - Full Control   Everyone - Read   Server Operators - Change   Authenticated Users - Read   System - Full ControlC:\%SystemRoot%\Addins   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Connection Wizard   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Config   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Cursors   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Debug   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Driver Cache   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Driver Cache\I386   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Fonts   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Help   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Inf   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Java and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Media   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Msagent and subfolders   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Msapps and subfolders   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Mww32 and subfolders   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Registration   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Repair   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Security and <subfolders>   Administrators - Full Control   Server Operators - Read   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Speech   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read   Everyone - Read      System - Full ControlC:\%SystemRoot%\System32\CatRoot   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Com    Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Config   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Read   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Dhcp   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Read   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Drivers and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\DTCLog   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\system32\export   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\GroupPolicy and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Read   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\IAS   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   System - Full ControlC:\%SystemRoot%\System32\Inetsrv    Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Mui and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Npp   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\NtmsData   Administrators - Full Control   System - Full ControlC:\%SystemRoot%\System32\Os2 and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Ras   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Rocket   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Rpcproxy   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Setup   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full Control   C:\%SystemRoot%\System32\ShellExt   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Spool and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Print Operators - Full Control   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Wbem and <subfolders>   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\System32\Wins   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlC:\%SystemRoot%\Temp   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Special      System - Full ControlC:\%SystemRoot%\twain_32   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full Control C:\%SystemRoot%\Web   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full ControlAny other folders   Administrators - Full Control   Creator/Owner - Full Control   Server Operators - Change   Authenticated Users - Read      System - Full Control				
NOTE: These permissions do not apply to a drive that is converted to NTFS using the Convert utility. A converted NTFS drive consists of all files and folders with Everyone--Full Control as the default permission.

NOTE: The default permissions for the C:\ root directory, and all other hard drive root directories (for example D:\, E:\), enable Full Control for the Everyone special group, in Windows 2000.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
148437 Default NTFS Permissions in Windows NT
Properties

Article ID: 244600 - Last Review: 12/05/2015 16:22:59 - Revision: 2.2

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server

  • kbnosurvey kbarchive kbenv kbinfo KB244600
Feedback