File / Folder permissions and Groups in Windows.

Setting file and folder permissions is part of the daily grind for a Windows admin.

The below is a good “cheat sheet” for those windows sys admins and MCSE students that I found here and here (with some modifications of my own to more reflect the MCSE syllabus):

NTFS File Permissions:

[table id=3 /]

—–

NTFS Folder Permissions:

[table id=4 /]

—–

Special Access File Permissions:

[table id=5 /]

—–

Share Permissions:

[table id=6 /]

—–

Keep in mind that share and NTFS permissons overlap. The resultant permissions are the union of the two (logical and). That is, in order to change permissions on a shared file, a user needs full control under both NTFS and share permissions. If a user has only “change” share permissions and “full control” NTFS permissions then they cannot change file permissions since the “change” share permission does not give the right to change permissions on a shared file. Also keep in mind that the “effective permissions” tool that MS offers sows only NTFS permissions, not share permission. (SIDENOTE: to access the effective permissions tool, right-click on a file > properties > security > advanced > effective permissions > select username)

Speaking of users, below is another good table I built from an MCSE study guide (70-290) regarding the relationship between different types of groups:

[table id=2 /]

—–