The shared folders you’ve
created can have one of three basic permissions: Reader, Contributor,
and Co-Owner. For a basic home network, these permissions are suitable.
But what if these just don’t work for you? What if you want to let a
user access a shared folder to read files and modify those files but not
create new ones and not run any executable programs stored in the
shared folder? That goes a bit beyond the default share permissions and
must be configured by using security permissions.
Security permissions are referred to as NTFS permissions. NTFS (an acronym for NT file system)
is a technology available in Windows Vista that lets you specify
exactly what you want people to be able to do with shared data. You can
configure something as complex as allowing three users to access and
modify data while allowing two others to only access and read the data
and while also allowing one user to only run programs and not even view
the data—all on the same shared folder!
Be warned before
continuing. Entire books have been written about applying these
permissions. Thus, I won’t go into detail regarding how to accomplish
applying these permissions or what happens when you apply share
permissions and NTFS permissions on the same folder.
Note
You won’t be able to apply NTFS permissions if your file system is not formatted with NTFS.
Understand Advanced Permission Levels
When setting advanced
permissions, you have several to configure. For each, you can select
Allow or Deny. Some options you can allow or deny include Modify, Read,
and Write. This means you can let an individual read a file but not
write to or modify it. When applying NTFS permissions, understand that
Deny always wins over Allow. Choosing Deny for any category overrides
any other permission granted, and that includes “inherited” permissions
from parent folders.
Applying multiple permissions
for multiple users is a little tricky, as you’d guess; it’s often hard
to determine just what a user can and can’t do if you go overboard applying
them. There’s also the additional option Special Permissions, which
really complicates things. Therefore, another word of caution: Apply
advanced permissions only if you really must. Try to use the default
permissions of Reader, Contributor, and Co-Owner first, and then move to
advanced permissions only if those don’t suit your needs. Table 1 lists the available NTFS permissions and a description of each.
Table 1. Permissions
PERMISSION LEVEL | DESCRIPTION |
---|
Full Control | Users can modify, execute, read, and write to files and folders. |
Modify | Users can change files and folders but not create new ones. |
List Folder Contents | Users can view file names and subfolder names within a folder. |
Read & Execute | Users can see (read) files and folders and run programs. |
Read | Users can see (read) the contents of a folder and open folders. |
Write | Users can create new files and folders and can make changes to existing files and folders. |
Special Permissions | Special permissions include permissions such as Take Ownership, Delete, and Synchronize. |
Note
I won’t go into the
Special Permissions option here. If you find that default and advanced
permissions don’t offer what you need, refer to the Help and Support
files in Windows Vista for additional information.
Apply Security Permissions
If you want to apply
NTFS permissions, right-click the shared folder, click Properties, and
select the Security tab. Choose any user, and click Edit. Select a user
from the Permissions dialog box or add a new user, and then apply the
permissions as desired. Figure 1 shows what you might see when applying NTFS permissions.