Interaction of File and Folder Security on NTFS Volumes (161275)
The information in this article applies to:
- Microsoft Windows NT Server 3.1
- Microsoft Windows NT Workstation 3.1
- Microsoft Windows NT Advanced Server 3.1
- Microsoft Windows NT Workstation 3.5
- Microsoft Windows NT Workstation 3.51
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 3.5
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Server 4.0
This article was previously published under Q161275 SUMMARY
After you set permissions on specific files, users and groups sometimes
have more rights to the files than expected. This is because NTFS security
applies both at the file level and at the folder level. NTFS permissions
granted at both levels are cumulative.
For example, you have a folder called Reports and you grant the group
Sales full control, and the group Marketing read access to the folder.
You then put a file called README into the folder, and explicitly set the
rights to the Everyone group as Read. Members of the Marketing group
will be able to read, but not delete the file README. Members of the
Sales group however, will be able to both read and delete the file,
because they have the full control right at the folder level. To prevent
the file from being deleted by either group you would need to change the
Sales group access at the folder level.
Modification Type: | Major | Last Reviewed: | 5/13/2003 |
---|
Keywords: | kbusage KB161275 |
---|
|