With NTFS file system came file & folder security permissions which were not available in FAT/FAT32 file system. NTFS security permissions allow you to set fine-grain security settings on any file or folder. This avoids unauthorized changes to any file or folder without permissions of file/folder owner.
Normally users don’t need to make any changes to security permissions of file or folders, Windows manages it the best way automatically. Every time you copy or create any file or folder to your system, Windows automatically sets security permissions to new files or folders. These security permissions are usually inherited from parent folder/directory.
You can also set or change file/folder security permissions to suite your requirements. You can also change owner of the files/folders. Sometimes you may want to keep your important files and documents in a folder and restrict access to you only. However, you can avoid unauthorized access to your documents by hiding them. But that doesn’t guarantee the safety of your data.
By setting Security permissions on any file/folder, you can choose who will have access to that file/folder and who will not. Windows automatically sets best file and folder permissions and data stored in your user profile is not accessible to other users. But data stored in other disk drives (D, E, F etc.) is accessible to all the users if you are using a shared PC.
On a shared PC, if you want to secure your data, you can set security permissions on your personal files/folders to prevent other users from accessing them. This tutorial shows you how to manage or change file & folder security permissions and ownership. This tutorial has been divided in two parts for describing permissions on Files and Folders separately. However, file and folder permissions are very similar.
1. Setting up test environment
For demonstrating File and Folder permissions, we have created a folder named as Documents in disk drive D.
In this folder, we have created a text file with name ‘Confidential’. This text file contains some sample text.
2. Setting the Permissions
After creating required folders and files, it’s time for setting up required permissions to restrict access to selected folder and file. In this tutorial we will do it separately on Folder and then on File. Let’s start with Folder permissions:
A) Changing Folder Permissions & Ownership:
Follow these steps for setting Folder ownership and permissions to restrict access to our folder.
Right-click on Folder and select Properties.
In properties window, go to Security tab. Here you can see a brief view of current folder permissions. Click on Advanced button to see detailed permissions settings:
The advanced view of Security settings show details about current owner of the folder and list of users having access to that folder and the permissions users currently have.
By default the user who creates any folder is set as the Owner of that folder. But if you want to restrict access to your folders, you should probably change the owner of the folder to yourself (if you’re not the owner already) so that you have authority to delegate access to that folder. However, any user who has Full Control type permissions on the folder can change owner of the folder, so, avoid assigning Full Control permissions to any user.
To change the owner of the folder, click on Change icon next to owner name. You need to be local administrator to change ownership of any folder.
A user selection window will open. Type your username and click on Check names. In this tutorial we have chosen HELLPC as the owner of the folder.
After selecting your username, click on OK.
Now tick the check box next to Replace owner on subcontainers and objects and click Apply. Do not click OK yet, we need to change permissions as well.
Under the owner, you will see permission entries applicable to selected folder. Here you can remove any user who you don’t want to allow access to this folder. Just select the user and click Remove button. In this example, we have removed AslamKhan user from permission list.
Instead of removing users from permission list, you can change the permissions users have on the folder by clicking Edit button. After removing un-wanted users, click OK to save Advanced Security Settings.
Click OK again to close properties window.
It’s time to test the permissions changes we just made. Login to other user account. In this tutorial we have switched to AslamKhan user whose permissions we have already removed from folder.
Now try to access the same folder. When you click on folder, it gives you permission denied error because the current user (AslamKhan) doesn’t have permission to access the folder.
You have successfully restricted permissions to your Folder. The permissions, you have set on the folder, will be inherited to all subfolders and files within parent folder. You can also set permissions on individual files. File permissions are explained in next section.
B) Changing File Permissions:
Changing file permissions and ownership is same as changing permissions for Folders. However, in this section, we will describe disabling inheritance on files and setting customized permissions for users.
Right-click on sample document file “Confidential” and select Properties.
Now, go to Security tab and click Advanced just like we did for in folder properties.
This will open Advanced Security Settings window where you can see Owner and permission entries for selected file.
You can change Owner of the file if you wish. Since, this file is in a folder, by default permission entries are inherited from parent folder. It means, this file has same owner and permissions as that of parent folder. If you try to remove any inherited permission entry from file, you get following error:
To change permissions, we need to disable inheritance and convert inherited permission entries to explicit permission entries which can be modified individually. Click on Disable inheritance button and then click on Convert inherited permissions into explicit permissions on this object.
After disabling inheritance, you can now remove or modify permission entries. Just select a user and click Remove to remove his permissions from selected file.
You can also change any user’s permissions to Read-only to restrict him from making modifications to our file. Just select any user and click Edit to change any user’s permissions.
Time to check file permissions. Switch to other user (AslamKhan) again and try to access the file with other user (AslamKhan). You will get following error:
Any user who doesn’t have permissions on that file won’t be able to view or edit that file.
Now that you have successfully configured Folder and File permissions on your data, other users won’t be able to modify it. Make sure to assign permissions carefully as any user who has Full Control permission on your files or folders will be able to change permissions and ownership. But an standard user won’t be able to do that. In case you face any challenges or want to ask any questions about file/folder permissions, feel free to comment below. Enjoy, have fun!