Windows XP / Networking


User rights control what a user can do on a network-wide basis. Permissions enable you to fine-tune your network security by controlling access to specific network resources, such as files or printers, for individual users or groups. For example, you can set up permissions to allow users into the accounting department to access files in the server's \ACCTG directory. Permissions can also enable some users to read certain files but not modify or delete them.

Each network operating system manages permissions in a different way. Whatever the details, the effect is that you can give permission to each user to access certain files, folders, or drives in certain ways.

Any permissions that you specify for a folder apply automatically to any of that folder's subfolders, unless you explicitly specify a different set of permissions for the subfolder.

File system rights are referred to as trustee rights. NetWare has eight different trustee rights, listed in Table below. For every file or directory on a server, you can assign any combination of these eight rights to any individual user or group.

NetWare Trustee Rights
Trustee RightAbbreviationWhat the User Can Do
ReadRThe user can open and read the file.
WriteWThe user can open and write to the file.
CreateCThe user can create new files or directories.
ModifyMThe user can change the name or other properties of the file or directory.
File ScanFThe user can list the contents of the directory.
EraseEThe user can delete the file or directory.
Access ControlAThe user can set the permissions for the file or directory.
SupervisorSThe user has all rights to the file.

Windows refers to file system rights as permissions. Windows servers have six basic permissions, listed below. As with NetWare trustee rights, you can assign any combination of Windows permissions to a user or group for a given file or folder.

Windows Basic Permissions
PermissionAbbreviationWhat the User Can Do
ReadRThe user can open and read the file.
WriteWThe user can open and write to the file.
ExecuteXThe user can run the file.
DeleteDThe user can delete the file.
ChangePThe user can change the permissions for the file.
Take OwnershipOThe user can take ownership of the file.

Note the last permission. In Windows, the concept of file or folder ownership is important. Every file or folder on a Windows server system has an owner. The owner is usually the user who creates the file or folder. However, ownership can be transferred from one user to another. So why the Take Ownership permission? This permission prevents someone from creating a bogus file and giving ownership of it to you without your permission. Windows does not allow you to give ownership of a file to another user. Instead, you can give another user the right to take ownership of the file. That user must then explicitly take ownership of the file.

You can use Windows permissions only for files or folders that are created on drives formatted as NTFS volumes. If you insist on using FAT or FAT32 for your Windows shared drives, you can't protect individual files or folders on the drives. This is one of the main reasons for using NTFS for your Windows servers.

[Previous] [Contents] [Next]

In this tutorial:

  1. Managing User Accounts
  2. User Accounts
  3. Built-In Accounts
  4. User Rights
  5. Permissions
  6. User Profiles
  7. Group Therapy
  8. Logon Scripts