Windows 2000 file permission goodies

Expert Roberta Bragg's advice on optimizing Win2k security through tighter control of user rights.

When you're installing Windows 2000, either clean or upgrading a server, you should be aware of new capabilities

that Windows 2000 brings. And while you're administering security, the new capabilities give you far better control over users than was possible in the past. This tip, from Windows 2000 Security, by Roberta Bragg, published by New Riders, discusses some of the issues.

To manage permissions on an object in Windows NT, you grant a specific type of access, give no access by simply not including the account, or explicitly define access by using the No Access permission. Windows 2000 increases the granularity by giving you the choice of Allow or Deny for each type of permission possible on an object. This is true of permissions set on printers, registry keys, and other objects as well as on files and folders. File and folder permissions are grouped into categories; each category can include the permission sets of other categories. Categories are

  • Full Control (includes Modify, Read & Execute, List Folder Contents, Read, Write)
  • Modify (includes Read & Execute, List Folder Contents, Read, Write)
  • Read & Execute (includes List Folder Contents, Read)
  • List Folder Contents
  • Read
  • Write

Each category is a collection of permission sets. These permission sets can be viewed and selected individually on the Advanced page of the Security tab of the file or folder object properties page.

Each category and permission can be set to Allow or Deny for a particular user or group. This granularity allows a user to be denied Write permission, for example, on a file [for which] a group to which he belongs has Write permission. In Windows NT, this cannot be done; it is either lose all permissions, or create even more groups.

To learn more about Windows 2000 Security, or to buy this book, click here.


This was first published in November 2000

Dig deeper on Windows File Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close