Right click the test file and select Properties from the popup menu. If the test file is stored on an NTFS formatted volume, a Security tab will be available. If no security tab is visible, the file is not stored on an NTFS drive.
The security tab is split into two sections. The top section, under the Name title bar, contains a list of all users and groups who have permissions on this object assigned to them. Clicking on a name alters the display in the bottom section, which displays a list of which permissions are assigned to the currently selected user or group. If a user or group does not appear in the Names list, they do not have permissions to the object. NTFS permissions work on a default deny system users must be granted permissions to gain access to resources, they have no access by default.
Permissions can be set to one of three possible options. The first two, Allow and Deny are self-explanatory. Setting a permission to Allow grants the user the abilities associated with that permission. Setting the permission to Deny completely disallows the user the abilities associated with that permission. The mechanism behind the Deny is extremely important to understand. When setting Deny permission, it overrides all granted Allow permissions. It is good practice only to set a Deny permission when it is absolutely required, as troubleshooting permissions issues with denies set in multiple locations can be extremely difficult.
The third possible option cannot be set directly for individual permissions. Ticking the Allow inheritable permissions check box at the bottom of the dialog enables Inherited Permissions. This is not a per user or group setting, instead it configures the NTFS permissions on the file or folder to be exactly the same as its parent folder. Each user or group granted permissions to the parent folder is then added to the Names list, and those parent folder permissions are then replicated on the child object. They appear as a check mark in a grayed out box that cannot be altered (as the permissions assigned to the Everyone group in the above screenshot are), signifying that these permissions are inherited and cannot be changed directly.
Inherited permissions should be used wherever there is logical continuity in the directory structure. For example, if everyone in the accounts department requires access to the C:\Accounts and C:\Accounts\lastyear folders, it is appropriate to assign the necessary permissions to the C:\Accounts folder, and enable inheritance on the C:\Accounts\lastyear folder. However if only some accounts people require access to the C:\Accounts\lastyear folder, it is better practice to remove inheritance from the last year folder and alter the permissions directly. Dont use deny!
Home - Table Of Contents - Contact Us
CertiGuide to A+ (A+ 4 Real) (http://www.CertiGuide.com/apfr/) on CertiGuide.com
Version 1.0 - Version Date: March 29, 2005
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.