Windows 2000 file permission goodies

When you're installing Windows 2000, either clean or upgrading a server, you should be aware of new capabilities that Windows 2000 brings. And while you're administering security, the new capabilities give you far better control over users than was possible in the past. This tip, from Windows 2000 Security, by

    Requires Free Membership to View

Roberta Bragg, published by New Riders, discusses some of the issues.

To manage permissions on an object in Windows NT, you grant a specific type of access, give no access by simply not including the account, or explicitly define access by using the No Access permission. Windows 2000 increases the granularity by giving you the choice of Allow or Deny for each type of permission possible on an object. This is true of permissions set on printers, registry keys, and other objects as well as on files and folders. File and folder permissions are grouped into categories; each category can include the permission sets of other categories. Categories are

  • Full Control (includes Modify, Read & Execute, List Folder Contents, Read, Write)
  • Modify (includes Read & Execute, List Folder Contents, Read, Write)
  • Read & Execute (includes List Folder Contents, Read)
  • List Folder Contents
  • Read
  • Write

Each category is a collection of permission sets. These permission sets can be viewed and selected individually on the Advanced page of the Security tab of the file or folder object properties page.

Each category and permission can be set to Allow or Deny for a particular user or group. This granularity allows a user to be denied Write permission, for example, on a file [for which] a group to which he belongs has Write permission. In Windows NT, this cannot be done; it is either lose all permissions, or create even more groups.

To learn more about Windows 2000 Security, or to buy this book, click here.

This was first published in November 2000

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.