Windows NTFS permissions are required when you run Word on any NTFS partition that has Windows 2000, Windows XP Professional, Windows Server 2003, or Windows Vista installed

Summary
This article describes the Microsoft Windows NTFS file system permissions that are required when you perform specific Microsoft Word operations on any NTFS partition that has one of the following Microsoft Windows operating systems installed:
  • Windows 2000
  • Windows XP Professional
  • Windows Server 2003
  • Windows Vista
More information

Description of File System Folder and File Permissions

Windows enforces security at every folder level. On a computer that is running Windows, if a user has no permissions for a high-level folder, the user cannot access that folder or view its contents.

Folder permissions control general access to a folder, its files, and its subfolders. When granted at the folder level, the permissions apply to all the files and subdirectories in that folder, unless the permissions are redefined at the file or subfolder level.

The following six folder permissions can be granted at the folder level on a Windows file system.
Folder permissionExplanation
List Folder ContentsUser can only list the files and subdirectories in this folder. User cannot open any files created in this folder.
ReadUser can read the contents of files in this folder.
Read & ExecuteUser can read the contents of files in this folder and also execute files in this folder.
ModifyUser can read, write, execute, create, and delete files in this folder.
WriteUser can read, write, and create files or folders in this folder.
Full ControlUser can read and change files, add new ones, change permissions for the folder and its files, and take ownership of the folder and its files.
The following table shows the logical group of special permissions associated with folder permissions.
Special permissionFull ControlModifyRead & ExecuteList Folder ContentsReadWrite
Traverse Folder/Execute Filexxxx
List Folder/Read Dataxxxxx
Read Attributesxxxxx
Read Extended Attributesxxxxx
Create Files/Write Dataxxx
Create Folders/Append Dataxxx
Write Attributesxxx
Write Extended Attributesxxx
Delete Subfolders and Filesx
Deletexx
Read Permissionsxxxxxx
Change Permissionsx
Take Ownershipx
Synchronizexxxxxx
File permissions control access to specific files in a folder. They are used to redefine the permissions that users inherit from folder permissions.

The following permissions can be granted at the file level on a Windows file system.
File permissionDescription
Read & ExecuteUser can read the contents of a file or execute a file.
ReadUser can read the content of the file.
ModifyUser can read, write, delete, and create a file.
WriteUser can write to files.
Full Control (All)User can read and change the file, add new ones, change permissions for the file, and take ownership of the file.
The following table shows the logical group of special permissions associated with the file permissions.
Special permissionFull ControlModifyRead & ExecuteReadWrite
Traverse Folder/Execute Filexxx
List Folder/Read Dataxxxx
Read Attributesxxxx
Read Extended Attributesxxxx
Create Files/Write Dataxxx
Create Folders/Append Dataxxx
Write Attributesxxx
Write Extended Attributesxxx
Delete Subfolders and Filesx
Deletexx
Read Permissionsxxxxx
Change Permissionsx
Take Ownershipx
Synchronizexxxxx

Description of Special Permissions for Files and Folders

You can set any or all of the following special permissions on files and folders.
Special permissionDescription
Traverse Folder/Execute File Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders (applies to folders only). Traverse Folder takes effect only when the group or user is not granted the Bypass Traverse Checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass Traverse Checking user right.)

Execute File allows or denies running program files (applies to files only).

NOTE Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.
List Folder/Read DataList Folder allows or denies viewing file names and subfolder names within the folder (applies to folders only). Read Data allows or denies viewing data in files (applies to files only).
Read AttributesAllows or denies viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by NTFS file system.
Read Extended AttributesAllows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.
Create Files/Write DataCreate Files allows or denies creating files within the folder (applies to folders only).

Write Data allows or denies making changes to the file and overwriting existing content (applies to files only).
Create Folders/Append DataCreate Folders allows or denies creating folders within the folder (applies to folders only).

Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data (applies to files only).
Write AttributesAllows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS.
Write Extended AttributesAllows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.
Delete Subfolders and FilesAllows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file.
DeleteAllows or denies deleting the file or folder. If you do not have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder.
Read PermissionsAllows or denies reading permissions of the file or folder, such as Full Control, Read, and Write.
Change PermissionsAllows or denies changing permissions of the file or folder, such as Full Control, Read, and Write.
Take OwnershipAllows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.
SynchronizeAllows or denies different threads permission to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multithreaded, multiprocess programs.

NTFS Permissions Required to Only Read Documents

READ, OR READ & EXECUTE
The following is a list of folders where users need only Read or Read & Execute permissions to run Word (they only need to be able to read from these folders):
  • Server location of Word program folder tree (Administrative installation)
  • Server location of shared Microsoft applications (MSAPPS) folder tree (Administrative installation)
  • Windows program folder, if running shared Windows
  • Any server directories where you store graphics or other source files for links that you do not want users to be able to modify in Word
NOTE: In addition, you need to apply Read-Only and Shareable flags to all the files in these locations. Usually, the Windows network administrator sets this sequence of permissions and attributes after performing the server installation of Windows or a program.

NTFS Permissions Required to Create or Modify Documents

MODIFY OR FULL CONTROL
The following is a list of folders where users need these permissions to run Word:
  • The workstation's Word program folder tree, if it is located on the server
  • Temporary folder, if it is located on the server
  • Any server folders where the user stores documents
  • Any server folders where source files for links are located that the user needs to modify (for example, Microsoft Excel worksheets or charts)
NOTE: The minimum permission setting needed in order to open, edit, and save a document within a Windows folder is Modify.

Symptoms of Missing NTFS Permissions

PermissionSymptom
Write and List Folder contentsThe error message "Word cannot open the document" appears when you try to open a file.
Read, WriteThese permissions allow you to open a document, but when you close the document, the temp files associated with this document are not deleted. Also you cannot save the document, because the temp files cannot be modified or deleted.
rights winnt wd2000 WD2002 WD2003 WD2007
Atribuudid

Artikli ID: 277867 – viimati läbi vaadatud: 04/02/2015 02:00:00 – redaktsioon: 4.0

Microsoft Office Word 2007, Microsoft Word 2002, Microsoft Word 2000

  • kbexpertisebeginner kbinfo KB277867
Tagasiside