NTFS (New Technology File System) permissions can be applied to files, folders and drives formatted with NTFS file system. NTFS permissions are same since the release of Windows Server 2000. NTFS permissions control the access of files and folders in NTFS formatted partition. NTFS permissions once applied is effective for both network users and local users. In this post, I will explain Server 2012 NTFS file and folder permissions. Two important rules of NTFS permission are: –
- By default, the permissions are inherited from parent folder. But if you define the file or folder permission explicitly, the explicit permission takes precedence over those that are inherited from parent folder.
- If the folder have conflicting NTFS permission, deny permission will override conflicting permission. For example, a user is explicitly denied to access a folder called Marketing. The user is also a member of Marketing group and the Marketing group has explicit allow NTFS permission. In this case, the user will be denied to access the folder because deny permission will override conflicting allow permissions.
NTFS permission will apply in the following order if there is conflict: –
- Explicit Deny
- Explicit Allow
- Inherited Deny
- Inherited Allow
Server 2012 NTFS File and Folder Permissions
To configure NTFS permission for folder or file, open the properties of the object. Then select Security tab. Under Group or user names, select or add user or group. Under permissions, allow or deny permissions. There are two types of NTFS permission, standard and advanced. Those permissions displayed under permissions area in Test folder properties is standard NTFS permissions.
Advanced permission is configured by clicking the Advanced button under permissions area. You can add new user or groups to apply NTFS settings. You can select the user or group and click Edit to configure advanced NTFS permission settings.
You will see following windows after clicking Edit option by selecting the object. Configure some advanced NTFS permissions and click OK to apply the permission.
Select the auditing tab in advanced NTFS settings window. This option allows you to logs success or failure of folder access by users or groups. Click Add to configure the setting.
You will see following screen as shown below after clicking Add button. Click select a principal to configure auditing option for user or group. On type, select All to log both success and failure of the folder access by the user AJones. Click OK to apply the settings.
Now let’s play with Effective access option. Effective access is a very quick and handy method to test or check the NTFS permission of user or group for accessing files and folders. Click Effective Access tab on advanced NTFS permission window. Here, you can test the permission effects for each user or group. To check the effective permission for user AJones, click select a user and add user AJones. Then click View effective access. You can see the effective access of user AJones for this Test folder. Here, user AJones doesn’t have full control of the folder, but the user can read and list items of the folder.
This is how you configure NTFS permission in files, folders or drives. NTFS permission and share permissions are different entity. Shared folder permission is only effective while accessing the file or folder from network. But NTFS permission is effective in both case, whether local or network access of a file or folder.