Learn about the technologies behind the Internet with The TCP/IP Guide!|
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more.
Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted.
|View over 750 of my fine art photos any time for free at DesktopScenes.com!|
NTFS Security and Permissions
One of the most important advantages that you gain when choosing the NTFS file system over older file systems such as FAT, is much greater control over who can perform what sorts of operations on various data within the file system. FAT was designed in the era of single-user PCs, and contains virtually no built-in security or access management features. This makes it quite poorly-suited to multi-user business environments--can you imagine running a business where any user in the company was free to roam through the file system and open any documents he or she found? This is not a wise way to run a server! In contrast to FAT, NTFS offers a secure environment and flexible control over what can be accessed by which users, to allow for many different users and groups of users to be networked together, with each able to access only the appropriate data.
In this section I take a detailed look at NTFS's security features and how they operate. I begin with a general discussion of NTFS security concepts. I then describe the various NTFS permissions and permission groups that can be assigned to various file system objects. I talk about ownership and how permissions are assigned, and also explain how the inheritance of permissions works, and how NTFS handles resolving multiple permission settings for the same object. Since Windows NT and Windows 2000 handle permissions differently I distinguish between their security models where appropriate.
Note: NTFS security and
permission issues are to some degree inextricably linked to features and aspects of the
operating system, and also touches upon issues related to Windows NT/2000 networking. A
full discussion of Windows NT or Windows 2000 domains, directory services, groups, login
procedures and so on is far beyond the scope of our coverage of NTFS. Therefore, I am
attempting to limit myself to a description of how security works within NTFS itself--even
in this attempt I have probably gone far too much into operating system details. I will
not describe Windows NT/2000 security in general; you may wish to consult a broader
NT/2000 reference if you need more detail on the operating system's security, account
management and access control features than I provide here. In fact, even NTFS permissions
themselves can get very complicated, especially under Windows 2000 with its greater and
more complex security settings. If you want to know all the ins and outs of controlling
permissions you will want to consult a Windows NT or Windows 2000 operating system