MCSE 2003 - 70-290 TechNotes

Shared folders and file system (NTFS) permissions have appeared on Microsoft exams since the first MCP certifications. Even though some major changes and additions have been made, overall the basics have remained the same. What has also remained the same is that it can still be a very confusing topic. Although these TechNotes are fairly complete for the 70-290 exam, make sure you practice these topics on a real Windows 2003 server.

There are two main types of access permissions in Windows 2003: NTFS file and folder permissions, and shared folder permissions. First we will go over the theory and practical aspects of both, and then we'll see how they work combined.

NTFS Permissions

Before NTFS became the default file system on all Windows operating systems, one of the main reasons to use NTFS instead of FAT or FAT32 was the ability to assign permissions to individual files and folders. Each file and folder on an NTFS volume contains an Access Control List (ACL). This list contains entries for groups and individual user accounts, mapped to their corresponding permissions. When a user tries to access a resource, Windows checks the ACL to see whether the user is listed and what level of permission is assigned. It doesn't matter whether the user tries to access the resource on the hard drive or on a remote server.

First let’s go over the main NTFS permissions that can be assigned for files and folders:

READ
Read permission allows a user to read the files, list the contents of folders, subfolders and volumes, and read the attributes, permissions and ownership. A user with only Read permission will not be able to change the contents of the file or folder.

WRITE
Write permission allows the same as Read, but additionally allows the user to modify and create files and subfolders as well as change attributes.

READ AND EXECUTE
Read and Execute permission allows the same as Read, but additionally allows users to run applications.

MODIFY
Modify permission allows the same as Read, Write and Read and Execute combined, but additionally allows deleting.

FULL CONTROL
Full Control allows everything permitted by the other permissions, but additionally a user with Full Control can change permissions for other users and take ownership of files and folders.

LIST CONTENTS
List Contents permission applies to folders only. It allows users to read files and list the contents of folders and volumes. Users with this permission can see the files and folders, but cannot read or modify them, nor can they create new files and folders.
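
The ACL entries and standard permissions described above can be inspected directly. The following is an added example, not part of the original notes: it uses PowerShell's Get-Acl to list each entry on a folder, names the strongest standard permission the entry contains, and marks entries that allow changing permissions. It assumes Windows PowerShell is installed; the demo folder under %TEMP% and the helper Get-StandardLevel are constructed for illustration.

```powershell
# Added example: report every ACL entry on a folder with the strongest
# standard NTFS permission it contains.
# Assumptions: Windows PowerShell is available; $Path is a constructed demo folder.
$Path = Join-Path $env:TEMP 'acl-demo'
if (-not (Test-Path $Path)) { New-Item -ItemType Directory -Path $Path | Out-Null }

$fsr = [System.Security.AccessControl.FileSystemRights]

# Standard permissions from the notes as access-mask values, checked in this order.
$levels = @(
    @{ Name = 'Full Control';     Mask = [int]$fsr::FullControl },
    @{ Name = 'Modify';           Mask = [int]$fsr::Modify },
    @{ Name = 'Write';            Mask = [int]$fsr::Write },
    @{ Name = 'Read and Execute'; Mask = [int]$fsr::ReadAndExecute },
    @{ Name = 'Read';             Mask = [int]$fsr::Read }
)

# Hypothetical helper: map an entry's rights mask to a standard permission name.
function Get-StandardLevel([int]$Mask) {
    # Inherit-only entries (for example CREATOR OWNER) may carry the generic
    # GENERIC_ALL bit instead of file-specific bits; Get-Acl shows it as a number.
    if ($Mask -band 0x10000000) { return 'Full Control (generic)' }
    foreach ($level in $levels) {
        # The entry contains a level only if every bit of that level is set.
        if (($Mask -band $level.Mask) -eq $level.Mask) { return $level.Name }
    }
    return 'Special'   # rights that match none of the standard sets
}

# One output row per entry: who, allow or deny, inherited or explicit, and the level.
Get-Acl -Path $Path |
    Select-Object -ExpandProperty Access |
    Select-Object IdentityReference, AccessControlType, IsInherited,
        @{ Name = 'Level'; Expression = { Get-StandardLevel ([int]$_.FileSystemRights) } },
        @{ Name = 'CanChangePermissions'; Expression = {
            # Only an Allow entry at Full Control lets the account change permissions
            # and take ownership.
            ($_.AccessControlType -eq 'Allow') -and
            ((Get-StandardLevel ([int]$_.FileSystemRights)) -like 'Full Control*')
        } },
        FileSystemRights |
    Format-Table -AutoSize
```

Entries with CanChangePermissions set to True are the ones to review first, since those accounts can rewrite the ACL itself.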
