NTFS Permissions

In any Windows network, you can set sharing permissions for drives and folders. On that network, each user can choose to share entire drives or individual folders with the network.

NTFS (NT File System) permissions are available to drives formatted with NTFS. The advantage with NTFS permissions is that they affect local users as well as network users and they are based on the permission granted to each individual user at the Windows logon, regardless of where the user is connecting.

NTFS is the standard file system of Windows NT and all Windows operating systems that have come after it. Windows 2000 and older introduced some far-reaching changes that included control over inherited permissions and how permissions were configured to share files and folders. You use shared folders to provide network users with access to file resources.

Administrators can use the NTFS utility to provide access control for files and folders, containers and objects on the network as a type of system security. Known as the "Security Descriptor", this information controls what kind of access is allowed for individual users and groups of users.

Along with the additional functionality that NTFS provides comes the potential for complex configurations that can lead to administration headaches. If you don't have a thorough understanding of various permissions and their relationships, it can be difficult to sort out a permission problem when it occurs.

For a more low-level description of NTFS SECURITY_DESCRIPTOR, see metafile $Secure in this guide.