Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products

PowerEdge: Understanding NTFS File, Folder and Share Permissions in Windows

Summary: This article discusses NTFS permissions and share permissions in Windows and how they work together to regulate access to files and folders. Get a detailed guide on Windows folder permissions explained for secure file management. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Instructions

Windows provides two sets of permissions to restrict access to files and folders: NTFS permissions and share permissions

  • NTFS permissions are applied to every file and folder stored on a volume formatted with the NTFS file system. By default, permissions are inherited from a root folder to the files and subfolders beneath it, though this inheritance can be disabled. NTFS permissions take effect regardless of whether a file or folder is accessed locally or remotely. NTFS permissions, at the basic level, offer access levels of Read, Read and Execute, Write, Modify, List Folder Contents, and Full Control, as shown below:

SLN156352_en_US__11375283559403.NTFS-perms

There is also an advanced set of NTFS permissions, which divides the basic access levels into more granular settings. These advanced permissions vary depending on the type of object to which they are applied. The advanced permissions on a folder are shown below:

SLN156352_en_US__21375283626043.NTFS-adv

  • Share permissions are only applied to shared folders. They take effect when a shared folder is accessed across a network from a remote system. The share permissions on a particular shared folder apply to that folder and its contents. Share permissions are less granular than NTFS permissions, offering access levels of Read, Change, and Full Control:

SLN156352_en_US__31375283849507.share-perms

 

The most important thing to remember about NTFS permissions and share permissions is the manner in which they combine to regulate access.
The rules for determining a user's level of access to a particular file are as follows:

  • If the file is accessed locally, only the NTFS permissions are used.
  • If the file is accessed through a share, NTFS and share permissions are both used, and the most restrictive permission applies. For example, if the share permissions on the shared folder grant the user Read access and the NTFS permissions grant the user Modify access, the user's effective permission level is Read when accessing the share remotely and Modify when accessing the folder locally.
  • A user's individual permissions combine additively with the permissions of the groups that the user is a member of. If a user has Read access to a file, but the user is a member of a group that has Modify access to the same file, the user's effective permission level is Modify.
  • Permissions assigned directly to a particular file or folder (explicit permissions) take precedence over permissions inherited from a parent folder (inherited permissions).
  • Explicit Deny permissions take precedence over explicit Allow permissions, but because of the previous rule, explicit Allow permissions take precedence over inherited Deny permissions.

 

Both sets of permissions can be assigned in the properties window of a file or folder. NTFS permissions are assigned in the Security tab of the properties window. Share permissions are assigned in the Sharing tab by clicking Advanced Sharing, then clicking Permissions.
 

Additional Information

Affected Products

Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2

Products

Modular Infrastructure, Rack Servers, Tower Servers
Article Properties
Article Number: 000137238
Article Type: How To
Last Modified: 02 Dec 2024
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.