The file system has an important feature called NTFS permissions, which allows us to determine how a user has access to a file, folder, container, or object. Authorized users use this feature to provide access control on the network as a type of system security. NTFS permissions are available for those formatted drives with the NTFS file system both in Windows and Windows Server. The configuration in both Windows client and Windows Server are the same. The following article will guide you on how to set NTFS permissions in Windows Server 2022 for groups or users.
Setting NTFS permissions for users.
To set the NTFS file system, open file explorer and right-click on the folder or file, you want to implement the permissions. Then, click on the properties and click on the security tab in the new dialogue box. You can see some important users and groups already exist:
- Authenticated users: This includes all the users who login into the System successfully (Windows Client)
- System: Specialized group from the operating System
- Administrator: The user who login into the System and have administrative privileges.
If you want to add or delete a new user or group from the list, click on the Edit button. To delete a new user or group, select the intended user or group from the list and click on the Remove button. Moreover, if you decide to add a new user or group, click on Add button.
Write the name of the user or group in the search box and click on the Check Names. Alternatively, you can select the new user or group by clicking on the advanced button and then the Find Now button. Finally, click on Ok.
After selecting the user or group, you can provide them permission access, and click Ok.
Basic NTFS Permissions
Generally, there are two types of NTFS permissions; Basic and Advanced permissions. The six types of permissions that are easily accessible to the administrator are called the Basic types of permissions:
- Full Control; the user has access to the System entirely and even can control the permissions.
- Modify; the user can bring changes and delete the files and folders.
- Read and execute; the person can read the data or file and run it.
- List folder content; it shows lists of all the files and folders that exist in the selected folder, but you can read or execute those files or folders.
- Read; this type of permission allows the user only to read the file.
- Write; users can create new files and write new data.
If you click on the Advanced button, a new window pops up that enables you to edit or remove the user. Additionally, another button, Edit or View (When it is the view, you cannot bring changes, you should disable the inheritance, then you can edit)also exists next to them. If you click on the edit button, a new dialogue window with basic permissions shows up; a hyperlink on the right-hand side, “Show Advanced Permissions”, leads you to more special permissions.
Allow or Deny
While giving permission access to the user or group, you notice two columns in the permission types section: Allow, and Deny. The deny permission is rarely used, and it is used when it is necessary to override permissions.
Inheritance vs. explicit permissions
You can assign permissions to a folder explicitly or by inheritance. If permission is set by default or by the user’s action, called explicit permissions. On the other hand, when an object or folder, or file receives permission because of its parent that is called inheritance permissions. To illustrate it further, there is a folder “MyFile”. You explicitly give Modify permission to this folder; all the subfolders in the MyFile folder will inherit that permission by default.
However, you can stop all the sub-folders from inheriting. To do this, right-click on a folder or file, then go to the properties of that object. In the Security tab, click on Advanced, and at the bottom of the Advanced Security Setting dialogue window, click on Disable inheritance button. In a new tiny window, a question pops up that asks you what you would like to do with the current inherited permission. Then select the answer from those two options according to your desire, and you are done!
To conclude, NTFS permissions provide an essential way of controlling your files, folders, containers, and objects in the NTFS file system in Windows and Windows Server. This article has defined basic types of NTFS permissions in Windows Server and will write about the advanced permission in the near future. If you have any questions or recommendations, you can write them in the comment section.