Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Monday, September 6, 2010

Can a user read data if they have NTFS Write and not NTFS Read?

In class we had some confusion between some NTFS permissions. Here is the official word from Microsoft on the ones in question.

Modify - Users can view and modify files and file properties, including deleting and adding files to a directory or file properties to a file.

Write - Users can write to a file.

Read & Execute - Users can run executable files, including scripts.

Read - Users can view files and file properties.

After testing this, yes the user with only Write access to the folder and its files can also read them.

Another part of this question is what happens to a high level permission when you explicitly remove some of the lower level permissions.

With the Modify permission set, you are also given Read & Execute, List folder contents, Read, and Write. By removing Read permission, you also lose Modify and Read & Execute. If you remove Write you only lose Modify.

Pay close attention to what rights you are giving, and removing from your users.

http://technet.microsoft.com/en-us/library/bb742461.aspx

No comments: