Lesson 2: Assigning Special Access Permissions

The standard NTFS permissions generally provide all of the access control that you need to secure your resources. However, sometimes the standard NTFS permissions don't provide the specific level of access that you might want to assign to users. To create a specific level of access, you assign NTFS special access permissions.


After this lesson, you will be able to

  • Allow users to change permissions on files or folders
  • Allow users to take ownership of files and folders

Estimated lesson time: 5 minutes


Using Special Access Permissions

There are 14 special access permissions. Two of them are particularly useful for controlling access to resources. These are Change Permissions and Take Ownership.

When you assign special access permissions to folders, you can choose where to apply the permissions down the tree to subfolders and files.

Changing Permissions

You can enable other administrators and users to change permissions for a file or folder without giving them the Full Control permission over the file or folder. In this way, the administrator or user can't delete or write to the file or folder but can assign permissions to the file or folder.

To enable administrators to change permissions, assign Change Permissions to the Administrators group for the file or folder.

Taking Ownership

You can transfer ownership of files and folders from one user account or group to another user account or group. You can enable someone else to take ownership, and, as an administrator, you can take ownership of a file or folder yourself.

The following rules apply for taking ownership of a file or folder:

  • The current owner or any user with Full Control permission can assign the Full Control standard permission or the Take Ownership special access permission to another user account or group, allowing the user account or a member of the group to take ownership.
  • An administrator can take ownership of a folder or file, regardless of assigned permissions. If an administrator takes ownership, the Administrators group becomes the owner, and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another user account or group.

    For example, if an employee leaves the company, an administrator can take ownership of the employee's files, assign the Take Ownership permission to another employee, and then that employee can take ownership of the former employee's files.

NOTE


You cannot assign anyone ownership of a file or folder. The owner of a file, an administrator, or anyone with Full Control permission can assign Take Ownership permission to a user account or group, allowing them to take ownership. To become the owner of a file or folder, a user or group member with Take Ownership permission must explicitly take ownership of the file or folder, as explained later in this chapter.

Setting Special Access Permissions

Follow these steps to assign special access permissions to enable users to change permissions and take ownership of files and folders:

  1. In the Access Control Settings dialog box for a file or folder, on the Permissions tab, select the user account or group for which you want to apply NTFS special access permissions.
  2. Click View/Edit to open the Permissions Entry dialog box (see Figure 3.4).

Figure 3.4 The Permission Entry dialog box

The options in the Permissions Entry dialog box are described in Table 3.6.

Table 3.6 Options in the Permissions Entry Dialog Box

Option | Description
Name | The user account or group name. To select a different user account or group, click Change.
Apply Onto | The level of the folder hierarchy at which the special NTFS permissions are inherited. The default is This Folder, Subfolders And Files.
Permissions | The special access permissions. To allow the Change Permissions permission or Take Ownership permission, select the Allow check box.
Apply These Permissions To Objects And/Or Containers Within This Container Only | Specify whether subfolders and files within a folder inherit the special access permissions from the folder. Select this check box to propagate the special access permissions to files and subfolders. Clear this check box to prevent permissions inheritance.
Clear All | Click this button to clear all selected permissions.

NOTE


You can view the permissions that are applied to the file or folder, the owner, and where the permissions apply in the Access Control Settings dialog box, on the Permissions tab. When special access permissions have been assigned, Windows 2000 displays Special under Permissions.
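The same assignment can be scripted on current Windows versions. The following is an added example, not part of the original lesson: it grants only the Change Permissions special access permission with the default Apply Onto scope. The folder path and group name are placeholders, and it assumes PowerShell running in an elevated session.

```powershell
# Added example; $Path and $Group are placeholders (assumptions), not values from the lesson.
$Path  = 'D:\Shares\Finance'
$Group = 'CONTOSO\HelpDesk'

# Permissions: the Change Permissions special access permission only,
# not the Full Control standard permission.
$rights = [System.Security.AccessControl.FileSystemRights]::ChangePermissions

# Apply Onto "This Folder, Subfolders And Files":
# inherit to containers (subfolders) and to objects (files), with no propagation limit.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$type      = [System.Security.AccessControl.AccessControlType]::Allow

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group, $rights, $inherit, $propagate, $type)

# Read the current ACL, add the entry, and write the ACL back.
$acl = Get-Acl -LiteralPath $Path
$acl.AddAccessRule($rule)   # merges with an existing Allow entry for the same identity
Set-Acl -LiteralPath $Path -AclObject $acl

# Confirm what is now on the folder for that group.
(Get-Acl -LiteralPath $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Group } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType,
                  InheritanceFlags, PropagationFlags, IsInherited
```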

Taking Ownership of a File or Folder

Follow these steps to take ownership of a file or folder. The user or a group member with Take Ownership permission must explicitly take ownership of the file or folder.

  1. In the Access Control Settings dialog box, on the Owner tab, in the Change Owner To list, select your name.
  2. Select the Replace Owner On Subcontainers And Objects check box to take ownership of all subfolders and files that are contained within the folder.
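Because anyone who holds Change Permissions or Take Ownership can alter who has access to a resource, it is worth reviewing where those rights have been granted. The following audit is an added example, not part of the original lesson; the root path and the list of expected holders are placeholders, and the account names assume an English-language Windows installation.

```powershell
# Added example: report who can change permissions or take ownership under $Root.
# $Root and $Trusted are placeholders (assumptions); adjust them for your environment.
$Root    = 'D:\Shares\Finance'
$Trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

$Rights = [System.Security.AccessControl.FileSystemRights]
$Watch  = [ordered]@{
    'Change Permissions' = [int]$Rights::ChangePermissions   # WRITE_DAC
    'Take Ownership'     = [int]$Rights::TakeOwnership       # WRITE_OWNER
}
$FullControl = [int]$Rights::FullControl
$GenericAll  = 0x10000000   # inherit-only entries may store Full Control as a generic right

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$report = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }                     # ACL not readable with current rights
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }

        $mask = [int]$ace.FileSystemRights
        if ($mask -band $GenericAll) { $mask = $mask -bor $FullControl }

        # Names of the watched rights that this entry actually contains
        $held = foreach ($name in $Watch.Keys) {
            if (($mask -band $Watch[$name]) -eq $Watch[$name]) { $name }
        }
        if ($held) {
            [pscustomobject]@{
                Path           = $item.FullName
                Owner          = $acl.Owner
                Identity       = $ace.IdentityReference.Value
                Rights         = $held -join ', '
                ViaFullControl = ($mask -band $FullControl) -eq $FullControl
                Inherited      = $ace.IsInherited
            }
        }
    }
}
$report | Sort-Object Identity, Path
```

Rows where ViaFullControl is False are the special access assignments described in this lesson; rows where it is True hold the rights through the Full Control standard permission.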

Lesson Summary

In this lesson, you learned that there are 14 special access permissions, and two of them are especially useful. These are Change Permissions and Take Ownership. You can enable administrators and other users to change permissions for a file or folder without giving them the Full Control permission over the file or folder. This prevents the administrator or user from deleting or writing to the file or folder, but it still allows them to assign permissions to the file or folder.

You also learned that you can transfer ownership of files and folders from one user account or group to another user account or group. The current owner or any user with Full Control permission can assign the Full Control standard permission or the Take Ownership special access permission to another user account or group, allowing the user account or a member of the group to take ownership. An administrator can take ownership of a folder or file, regardless of assigned permissions. When an administrator takes ownership of a file or folder, the Administrators group becomes the owner, and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another user account or group.



MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244
