NTFS (New Technology File System) is the standard file system for Microsoft Windows environments. The file system is also supported in other operating systems like Linux, but MacOS only offers read-only support. These NTFS permissions are the rules applied to files and folders to allow, or limit, user access.
If you’re looking to work in information security, then you should know permission management is a critical security concept – and you should be using these permissions alongside share permissions. Don’t worry if you don’t know the difference as we’ll discuss it later!
Setting NTFS Permissions
To set permissions you use the Access Control List, which is accessed through a file/folders properties. Keep NTFS permission best practices in mind though: organise resources first, set permissions for groups (rather than users), and apply the principle of least privilege.
Step One: Ensure you’re logged on to your PC as a user with administrator rights.
Step Two: In Windows Explorer, right-click your file or folder, and then select Properties.
Step Three: From the properties dialogue box, select the Security tab, and then click the Edit option.
Step Four: Under Group or User names, select or add a group or user.
Step Five: Ensuring you have the correct user selected, examine and modify their permissions below.
The Permissions Explained
Assuming you’ve followed the steps above correctly, you should be looking at the NTFS permissions list. The five permissions are explained in more detail below:
- Full Control — Users can add, modify, move and delete files and directories, as well as their associated properties. In addition, users can change permissions settings for all files and subdirectories.
- Modify — Users can view and modify files and file properties, including adding files to or deleting files from a directory, or file properties to or from a file.
- Read & Execute — Users can run executable files, including scripts.
- Read — Users can view files, file properties and directories.
- Write — Users can write to a file and add files to directories.
Despite there only being five listed, there are actually six standard NTFS permissions! As well as read and write, as list above, changing permissions, taking ownership, executing and deleting files are included.
NTFS Permissions vs Share Permissions
Unlike like NTFS permissions, share permissions manage access to folders shared over a network. They do not apply to users who log on locally. Yet, the most significant difference between the two is that share permissions can be used when sharing folders in FAT and FAT32 file systems too. Well, and share permissions only have three options.
Realistically, if you’re choosing between the two, share permissions can only grant limited security; stick with NTFS permissions. However, it is permission management best practice to use NTFS and share permissions combined.
When you are using share and NTFS permissions together, the most restrictive permission always wins.