windows 2008 Permissions more Explained

The default special permissions are further described in the following list.
Traverse Folder/Execute File Traverse Folder allows you to access a folder nested within a tree even if parent folders in that tree deny a user access to the contents of those folders. Execute File allows you to run a program.
List Folder/Read Data List Folder allows you to see file and folder names within a folder. Read Data allows you to open and view a file.
Read Attributes Allows you to view basic attributes of an object (read-only, system, archive, and hidden).
Read Extended Attributes Allows you to view the extended attributes of an object—for example, summary, author, title, and so on for a Word document. These attributes will vary from program to program.
Create Files/Write Data Create Files allows you to create new objects within a folder; Write Data allows you to overwrite an existing file (this does not allow you to add data to existing objects in the folder).
Create Folders/Append Data Create Folders allows you to nest folders. Append Data allows you to add data to an existing file, but not delete data within that file (a function based on file size), or delete the file itself.
Write Attributes Allows you to change the basic attributes of a file.
Write Extended Attributes Allows you to change the extended attributes of a file.
Delete Subfolders and Files Allows you to delete the contents of a folder regardless of whether any individual file or folder within the folder in question explicitly grants or denies the Delete permission.
Delete Allows you to delete a single file or folder, but not other files or folders within it.
Read Permissions Allows you to view NTFS permissions on an object, but not to change them.
Change Permissions Allows you to both view and change NTFS permissions on an object.
Take Ownership Allows you to take ownership of a file or folder, which inherently allows the ability to change permissions on an object. This is granted to administrator-level users by default. You also can create custom combinations of permissions, known as special permissions, other than those defined in Windows Server 2008 by default; I cover that procedure in detail later in this section.

Leave a Comment