Understanding NTFS Permissions

Questions and Answers

What happens to the permissions when copying an object within the same NTFS volume?

Permissions are lost completely.

Permissions are inherited from the parent directory.

Existing permissions are maintained. (correct)

New permissions are assigned by the operating system.

What effect does moving or copying an object from an NTFS volume to a FAT partition have on the permissions?

Permissions are inherited from the FAT partition.

Permissions are retained from the NTFS volume.

All permissions are lost. (correct)

Permissions are modified to comply with FAT standards.

Which command would you use to reset folder permissions for a specific folder using ICACLS?

icacls testfolder /deny /t /c

icacls testfolder /reset /t /c (correct)

icacls testfolder /remove /t /c

icacls testfolder /revoke /t /c

In what scenario does an object inherit permissions from its parent when moving or copying?

When moving from one NTFS volume to another.

What is a primary use of the ICACLS command in permission management?

To automate permission modification through scripting.

Which statement accurately describes effective permissions in NTFS?

Effective permissions are the sum of all allow and deny permissions for a user.

What is the purpose of inheritance in NTFS permissions?

To allow permissions to be applied from parent to child objects, simplifying permission management.

In NTFS, what happens when 'Deny' permissions are assigned to a user?

Deny permissions override all allow permissions regardless of the inheritance context.

When a user copies a file to a new location in NTFS, how are permissions handled?

The copied file receives the permissions of the destination folder.

Ownership of a file in NTFS can primarily be transferred by which method?

The owner can transfer ownership to another user through the 'Take Ownership' process.

What is the effective permission for USER on Example.txt when USER has READ permission and the STUDENTS GROUP has WRITE permission?

READ and WRITE

What happens to inherited permissions if inheritance is disabled on a folder?

They become explicit permissions which can be edited

If DENY permission is assigned to a user, what is the outcome for that user regarding existing permissions on an object?

All existing permissions are canceled

What is a better practice than using DENY to manage permissions?

Modifying group membership and permissions

What can a folder owner do regarding permissions for an object they do not have direct access to?

They can change permissions regardless of their access level

When copying a file in NTFS, what happens to its permissions?

The copied file inherits permissions from its new parent folder

What occurs to the permissions of an object when it is moved within the same NTFS volume?

The object keeps its existing permissions

If a user disables inheritance on a folder and chooses to REMOVE the existing permissions, what will be the result?

All existing permissions, including System, are deleted

Study Notes

NTFS Permissions

• NTFS permissions are a set of rules that determine user access to objects on a computer.
• User access is granted based on the user's security identifier (SID) and the access control list (ACL).
• The ACL specifies the permissions that a user has to an object.

NTFS Permissions Rules

• Copy within the same NTFS volume: Inherited permissions from the parent folder.
• Copy to a different NTFS volume: Inherited permissions from the new parent folder on the new volume.
• Copy from NTFS volume to FAT partition: All permissions are lost.
• Copy from FAT partition to NTFS volume: Inherited permissions from the new parent folder on the NTFS volume.

Effective Permissions

• Effective permissions are the cumulative permissions that a user has to an object.
• Effective permissions are determined by adding up all permissions granted to the user, either directly or through group memberships.
• If a user is denied access to an object, that denial takes precedence over all other grants.

Inheritance

• NTFS permissions can be inherited from parent objects.
• Inheritance can be disabled to prevent the flow of inherited permissions.
• When inheritance is disabled, the previous child folder becomes a parent folder, starting a new chain of inheritance.
• When disabling inheritance, you can choose to convert or remove permissions.
  • Convert: Existing inherited permissions become explicit.
  • Remove: All existing permissions, including the Windows system's, are removed.

Deny Overrides Allow

• A deny permission overrides any allow permissions for that object and user.
• Denies should be avoided, and group membership and permissions should be changed to allow access to authorized users.

Ownership

• Each object on an NTFS volume has an owner.
• Ownership can be used for auditing and administration.
• The owner can change permissions to an object, even if they don't have any permissions to it.
• An administrator account can take ownership of an orphaned object (an object with no permissions assigned).

NTFS Shares

• NTFS utilizes two options for sharing:
  • Permissions are cumulative.
  • Inheritance can be disabled.
• There is one correct way to configure shares for Microsoft and NAT program.
• Each share contains permissions that are added together to determine the effective permissions for a user.

ICACLS

• ICACLS is a command-line tool used for checking and setting permissions.

• The tool allows you to save permission settings for an object, enabling restoration later.

• Automate permission modifications by incorporating ICACLS into scripts.

• Examples:*

• icacls testfolder /grant Tom:F /t /c: Grants full control access to Tom for the testfolder.

• icacls testfolder /reset /t /c: Resets folder permissions for testfolder.

• icacls testfolder /inheritance:d /t /c: Disables inheritance on testfolder.

FAT (File Allocation Table)

• Used by operating systems prior to Windows 2000 (Windows 95, 98, ME, and below).
• Commonly used for USB devices.
• Lacked security features and allowed full access to all users.

NTFS (New Technology File System)

• Introduced in Windows 2000.
• Used by all Windows clients and servers.
• Enhances security and data integrity.

NTFS Security

• A user's security token (containing SID and group SID) is created when they log onto an NTFS system.
• Each object has an ACL (Access Control List) that grants or denies access to specific users and groups.
• The token and the ACL are compared to determine access.
• If there's a match, the permissions are granted.
• If no match is found or a denial is present, access is denied.

Description

This quiz explores the details of NTFS permissions, including how user access is determined based on SIDs and ACLs. It covers the rules regarding copying files across NTFS volumes and how effective permissions are calculated. Test your knowledge on these critical file security concepts.