File and Folder Permissions - Paiet/Tech-Journal-for-Everything GitHub Wiki

File and Folder Permissions

Configure NTFS Permissions

Permission Chart: http://www.ntfs.com/ntfs-permissions-file-folder.htm Show access process diagram here: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-principals Security Principal something I can assign permissions to.

• User, group or computer.

• Open file explorer

• Create test folder

• Rt click for properties

• View Security Tab DACL Discretionary Access Control List

• View individual ACEs Access Control Entries

• Ace to present access token with DACL of resource

• Add Hosts group to modify permissions

• Read

• List Folder contents (only applicacable to folders)

• Write not inclusive to read

• Modify builds on read and write but adds capability of delete

• Can not change file name without Modify

• Full control adds to modify ACL, take ownership

• Also note special permissions *Advanced/Resource/Edit/Show special permissions

• Check out Effective Permissions to see what permissions Ronnie has

• LAB Try to access via Zack vs Ronnie

• Rt click sales properties

• Explain implicit deny by not adding a user or group to a resource

• Assign some permissions to sales folder

• Compare sales Sec tab and child permissions

• Note the black & grey checks for explicit vs inherited permissions

  • Change Parent object permissions
  • Assign opposite permission by using deny
  • An explicit allow can override inherited denies
  • Block inheritance
    • Order Form Properties/Security Tab/Adavanced
    • Note where permissions are being inherited from
    • You can even clear them out to remove the group
    • Go to Customer Form folder to disable inheritance and note Security Tab/ Advanced/Disable inheritance/ Remove all inherited Permissions
    • Note no System accounts avail for that resource