Summary This article lists the default permissions on the drive after formatting with the NTFS file system for the first time. Some of these folders are hidden by default. The default NTFS permission on the Windows 2000 public folder in drive C is listed below. Note that this document assumes that Windows 2000 is installed on drive C. If you install Windows 2000 on another drive letter, replace drive C in the folder location listed below with the corresponding drive letter:
Configure the default NTFS permission for the server of the Member Server:
C :/
(Note: The installer does not change the permissions on % systemdrive % because the Windows 2000 ACL inheritance model recursively attempts to configure all subdirectories of the root directory. Administrators should configure root directory security according to their own system configurations and requirements .)
C:/program files and <subfolders>
Administrators-full control
Creator/owner-full control
Users-read
System-full control
Power Users-change
Terminal Server user-change
C:/Documents and Settings
Administrators-full control
Power Users-read
Everyone-read
Users-read
System-full control
C:/Documents and Settings/administrator and <subfolders>
Administrator-full control
Administrators-full control
System-full control
C:/Documents and Settings/all users and <subfolders>
Administrators-full control
Power Users-change
Users-read
Everyone-read
System-full control
C:/Documents and Settings/Default User and <subfolders>
Administrators-full control
Power Users-read
Users-read
Everyone-read
System-full control
C:/% SystemRoot %
Administrators-full control
Creator/owner-full control
Everyone-read
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/addins
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/Connection Wizard
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/config
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/cursors
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/debug
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/driver Cache
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/driver Cache/i386
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/Fonts
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/help
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
Terminal Server user-dedicated (rwx)
System-full control
C:/% SystemRoot %/INF
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/Java and <subfolders>
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/Media
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/msagent and subfolders
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/msapps and subfolders
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/mww32 and subfolders
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/registration
Administrators-full control
Everyone-read
System-full control
C:/% SystemRoot %/Repair
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/security and <subfolders>
Administrators-full control
Creator/owner-full control
Power Users-read
Users-read
System-full control
C:/% SystemRoot %/speech
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/System
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
Everyone-read
System-full control
C:/% SystemRoot %/system32/catroot
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/COM
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/config
Administrators-full control
Creator/owner-full control
Power Users-read
Users-read
System-full control
C:/% SystemRoot %/system32/DHCP
Administrators-full control
Creator/owner-full control
Power Users-read
Users-read
System-full control
C:/% SystemRoot %/system32/drivers and <subfolders>
Administrators-full control
Creator/owner-full control
Power Users-read
Users-read
System-full control
C:/% SystemRoot %/system32/dtclog
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/Export
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/grouppolicy and <subfolder>
Administrators-full control
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/IAS
Administrators-full control
Creator/owner-full control
System-full control
C:/% SystemRoot %/system32/inetsrv
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/Mui and <subfolder>
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/NPP
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/ntmsdata
Administrators-full control
System-full control
C:/% SystemRoot %/system32/os2 and <subfolders>
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/RAS
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/Rocket
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/rpcproxy
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/setup
Everyone-full control
C:/% SystemRoot %/system32/shellext
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/spool and <subfolder>
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/WBEM and <subfolder>
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/system32/wins
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/temp
Administrators-full control
Creator/owner-full control
Power Users-change
Users-dedicated
System-full control
C:/% SystemRoot %/twain_32
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
C:/% SystemRoot %/Web
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
Any other folder
Administrators-full control
Creator/owner-full control
Power Users-change
Users-read
System-full control
The default NTFS permission for the server configured as the domain controller:
C :/
(Note: The installer does not change the permissions on % systemdrive % because the Windows 2000 ACL inheritance model recursively attempts to configure all subdirectories of the root directory. Administrators should configure root directory security according to their own system configurations and requirements .)
C:/program files and <subfolders>
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/Documents and Settings
Administrators-full control
Everyone-read
Users-read
System-full control
C:/Documents and Settings/administrator and <subfolders>
Administrator-full control
Administrators-full control
System-full control
C:/Documents and Settings/all users and <subfolders>
Administrators-full control
Users-read
Everyone-read
System-full control
C:/Documents and Settings/Default User and <subfolders>
Administrators-full control
Users-read
Everyone-read
System-full control
C:/% SystemRoot %
Administrators-full control
Creator/owner-full control
Everyone-read
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/addins
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/Connection Wizard
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/config
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/cursors
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/debug
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/driver Cache
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/driver Cache/i386
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/Fonts
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/help
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/INF
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/Java and <subfolders>
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/Media
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/msagent and subfolders
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/msapps and subfolders
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/mww32 and subfolders
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/registration
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/Repair
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/security and <subfolders>
Administrators-full control
Server Operators-read
Authenticated Users-read
System-full control
C:/% SystemRoot %/speech
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/System
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
Everyone-read
System-full control
C:/% SystemRoot %/system32/catroot
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/COM
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/config
Administrators-full control
Creator/owner-full control
Server Operators-read
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/DHCP
Administrators-full control
Creator/owner-full control
Server Operators-read
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/drivers and <subfolders>
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/dtclog
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/Export
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/grouppolicy and <subfolder>
Administrators-full control
Creator/owner-full control
Server Operators-read
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/IAS
Administrators-full control
Creator/owner-full control
Server Operators-change
System-full control
C:/% SystemRoot %/system32/inetsrv
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/Mui and <subfolder>
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/NPP
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/ntmsdata
Administrators-full control
System-full control
C:/% SystemRoot %/system32/os2 and <subfolders>
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/RAS
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/Rocket
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/rpcproxy
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/setup
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/shellext
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/spool and <subfolder>
Administrators-full control
Creator/owner-full control
Server Operators-change
Print operators-full control
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/WBEM and <subfolder>
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/system32/wins
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/temp
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-dedicated
System-full control
C:/% SystemRoot %/twain_32
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
C:/% SystemRoot %/Web
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
Any other folder
Administrators-full control
Creator/owner-full control
Server Operators-change
Authenticated Users-read
System-full control
Note:: These permissions are not applicable to the drive that is converted to NTFS using the convert utility. The converted NTFS drive consists of all files and folders with the default permission "everyone -- security control.
Note:: In Windows 2000, C:/root directory and all other hard drive root directories (such as D: //, E :/) enable "Full Control" for the special everyone group by default ".
For other information, click the following article number to view the article in the Microsoft Knowledge Base:
148437 default NTFS permissions in Windows NT The information in this article applies:
• |
Microsoft Windows 2000 Server |
• |
Microsoft Windows 2000 Advanced Server |
• |
Microsoft Windows 2000 datacenter Server |