跳转至主要内容
  • 快速、轻松地下订单
  • 查看订单并跟踪您的发货状态
  • 创建并访问您的产品列表
某些文章编号可能已更改。如果这不是您要查找的内容,请尝试搜索所有文章。搜索文章

Understanding File and Folder Permissions in Windows

摘要: This article discusses NTFS permissions and share permissions in Windows and how they work together to regulate access to files and folders.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。

说明

Windows provides two sets of permissions to restrict access to files and folders: NTFS permissions and share permissions.

  • NTFS permissions are applied to every file and folder stored on a volume formatted with the NTFS file system. By default, permissions are inherited from a root folder to the files and subfolders beneath it, though this inheritance can be disabled. NTFS permissions take effect regardless of whether a file or folder is accessed locally or remotely. NTFS permissions, at the basic level, offer access levels of Read, Read and Execute, Write, Modify, List Folder Contents, and Full Control, as shown below:
    SLN156352_en_US__11375283559403.NTFS-perms

    There is also an advanced set of NTFS permissions, which divides the basic access levels into more granular settings. These advanced permissions vary depending on the type of object to which they are applied. The advanced permissions on a folder are shown below:
    SLN156352_en_US__21375283626043.NTFS-adv
  • Share permissions are only applied to shared folders. They take effect when a shared folder is accessed across a network from a remote system. The share permissions on a particular shared folder apply to that folder and its contents. Share permissions are less granular than NTFS permissions, offering access levels of Read, Change, and Full Control:
    SLN156352_en_US__31375283849507.share-perms

The most important thing to remember about NTFS permissions and share permissions is the manner in which they combine to regulate access.
The rules for determining a user's level of access to a particular file are as follows:

  • If the file is accessed locally, only the NTFS permissions are used.
  • If the file is accessed through a share, NTFS and share permissions are both used, and the most restrictive permission applies. For example, if the share permissions on the shared folder grant the user Read access and the NTFS permissions grant the user Modify access, the user's effective permission level is Read when accessing the share remotely and Modify when accessing the folder locally.
  • A user's individual permissions combine additively with the permissions of the groups that the user is a member of. If a user has Read access to a file, but the user is a member of a group that has Modify access to the same file, the user's effective permission level is Modify.
  • Permissions assigned directly to a particular file or folder (explicit permissions) take precedence over permissions inherited from a parent folder (inherited permissions).
  • Explicit Deny permissions take precedence over explicit Allow permissions, but because of the previous rule, explicit Allow permissions take precedence over inherited Deny permissions.
 

Both sets of permissions can be assigned in the properties window of a file or folder. NTFS permissions are assigned in the Security tab of the properties window. Share permissions are assigned in the Sharing tab by clicking Advanced Sharing, then clicking Permissions.
 

其他信息

受影响的产品

Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2
文章属性
文章编号: 000137238
文章类型: How To
上次修改时间: 29 8月 2024
版本:  5
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。