8-11Lesson 2 Assigning NTFS Permissions and Special Permissions
F08us06
Figure 8-6
Select special permissions by using the Permission Entry For dialog box.
Table 8-5
Special Permissions
Permission Description
Full Control Full Control applies all permissions to the user or group.
Traverse Folder/
Traverse Folder is applied only to folders and allows a user to move (or
Execute File
denies a user from moving) through folders even when the user has no per-
missions set on the traversed folder (the folder that the user is moving
through). For example, a user might not have permissions set on a folder
named Sales, but might have permission to access a subfolder named Bro-
chures that is in the Sales folder. If allowed the Traverse Folder permission,
the user could access the Brochures folder. The Traverse Folder permission
has no affect on users for whom the Bypass Traverse Checking user right is
assigned.
Execute File is applied only to files and allows or denies running executable
files (application files). Execute File applies only to files.
List Folder/Read
List Folder allows or denies viewing file names and subfolder names within
the folder. List Folder applies only to folders.
Data
Read Data allows or denies viewing the contents of a file. Read Data applies
only to files.
Read Attributes Read Attributes allows or denies the viewing of the attributes of a file or
folder. These attributes are defined by NTFS.
Read Extended
Read Extended Attributes allows or denies the viewing of extended
Attributes
attributes of a file or a folder. These attributes are defined by programs.
Create Files/
Create Files allows or denies the creation of files within a folder. Create
Write Data
Files applies to folders only.
Write Data allows or denies the making of changes to a file and the over-
writing of existing content. Write Data applies to files only.
Create Folders/
Create Folders allows or denies the creation of folders within the folder.
Append Data
Create Folders applies only to folders.
Append Data allows or denies making changes to the end of the file, but
not changing, deleting, or overwriting existing data. Append Data applies to
files only.
Write Attributes Write Attributes allows or denies the changing of the attributes of a file or
Write Extended Attributes allows or denies the changing of the extended
Write Extended
Delete Subfolders
Delete Subfolders And Files allows or denies the deletion of subfolders or
And Files
files within a folder, even if the Delete permission has not been granted on
the particular subfolder or file.
Delete Delete allows or denies the deletion of a file or folder. A user can delete a
file or folder even without having the Delete permission granted on that file
or folder, if the Delete Subfolder And Files permission has been granted to
the user on the parent folder.
Read Permissions Read Permissions allows or denies the reading of the permissions assigned
to the file or folder.
Change Permis-
Change Permissions allows or denies the changing of the permissions
sions
assigned to the file or folder. You can give other administrators and users
the ability to change permissions for a file or folder without giving them the
Full Control permission over the file or folder. In this way, the administrator
or user cannot delete or write to the file or folder, but can assign permis-
sions to the file or folder.
Take Ownership Take Ownership allows or denies taking ownership of the file or folder. The
owner of a file can always change permissions on a file or folder, regardless
of the permissions set to protect the file or folder.
Synchronize Synchronize allows or denies different threads in a multithreaded program
to synchronize with one another. A multithreaded program performs multi-
ple actions simultaneously by using both processors in a dual-processor
computer. This permission is not assigned to users, but instead applies only
to multithreaded programs.
!
Exam Tip When you grant permissions, grant users the minimum permissions that they
need to get their job done. This is referred to as the principle of least privilege.
Bạn đang xem 8 - - MICROSOFT WINDOWS XP PROFESSIONAL EXAM 70 270 PHẦN 4 PPT