NTFS Folder permission usage description

Source: Internet
Author: User

Access rights are strictly set

To ensure the security and stability of Windows systems, many users use the NTFS file system, so the access rights of shared folders are restricted not only by the share permissions, but also by the access rights contained in the ACLs (Access control lists) of the NTFS file system. The following is a "CCE" shared folder as an example of how to reasonably set the "Cceuser" user access to the "CCE" shared folder, in order to enhance the security of the shared folder.

1, Share permissions settings

In Explorer, right-click the "CCE" shared folder, select "Properties", switch to the "Sharing" tab, click the "Rights" button, pop-up "CCE Permissions" Settings dialog box, click the "Add" button, add "Cceuser" account to the "group or user name" list box, here " Cceuser "account to the" CCE "shared folder to have read and write permission, so the author to give the account" Full Control "permission, and finally click the" OK "button to complete the sharing permission settings.

2. NTFS access permission settings

The above only sets the shared access permissions for the "CCE" shared folder, after all, the "CCE" shared folder is subject to both shared access rights and NTFS access rights, and if the NTFS file system does not allow "Cceuser" users to access the share, it is not possible. Also, set reasonable NTFS access to the account.

After you switch to the Security tab in the CCE Shared File Properties dialog box, first add the "Cceuser" account to the group or User Name list box, and then set access permissions for that account. With the Cceuser account selected, select the Read and run, List folder directories, read, modify, and write items in the Cceuser Permissions list box, and then click the OK button.

After that, you complete the "Cceuser" User's access settings for the "CCE" shared folder, and the shared folder access settings for other users are the same, and they are no longer repeat.

Reasonable configuration of Disk Management

Because there is a lot of shared resources in a shared folder, it takes up a certain amount of hard disk space. Some users have write permission to upload a large number of files unrelated to the work, not only waste disk resources, but also vulnerable to infection virus, so the sharing folder without restraint of the use of hard disk space resources, will also bring unexpected security risks, must be limited.

1, disk quotas, limit users

The disk quotas feature provided by the Windows system allows you to limit the amount of hard disk space that is used by each user of Windows, thereby indirectly controlling the size of the shared folder.

As an example of the "CCE" shared folder and the "Cceuser" user, where the "CCE" shared folder is located in D, the disk quotas feature in the D disk is enabled to specify the number of hard disk space that "Cceuser" users can use.

In Explorer, right-click the D drive letter, select the Properties option, switch to the Quota tab, and select the "Enable quota management" key to activate the disk quotas feature. Make sure that the "Deny disk space to users exceeding quota limit" Item is selected. It is also recommended to select the "Log events when users exceed their quota limit" and "log events when the user exceeds the warning level" to record the quota alert in the log, and then click Apply.

Next click on the "Quota entry" button to eject the disk Quota Entry window and then limit the quota for "Cceuser" users. Click "Quota → new quota entry" In the Select User dialog box, select the Cceuser user, click OK, and then set the quota limit for the user in Add new quota entry, select the Limit disk space to item, enter "500" in the blank column, and then in the "set warning level to" column, enter "490", the disk capacity unit Select "MB", and finally click "OK" to complete the "Cceuser" user's disk quota settings so that the user can only use the shared folder hard disk space. The other user's quota setting method is the same, and you can follow the steps above to configure it.

2. Backup Restore disk quotas

The backup disk quota entry is very simple because the "CCE" shared folder is located in the D disk, here I backup Windows system D disk quota Entries For example, right click on "D disk" letter, in the pop-up menu select "Properties", switch to the "Quota" tab, click on the bottom of the "Quota Entry" button, pop-up Quota Entries Management dialog box, click quota → export, name the backup file in the File name box, and then click the "Save" button to complete the backup of the disk quota entries. Disk quota entries for other drives are backed up the same as above, and are no longer repeat.

Restoring disk quota Entries is just as easy, in the Quota Entry Management dialog box, click quota → import, then locate the backup file, click the "Open" button, and then click "Yes" in the disk quota prompt to complete the recovery of the disk quota entries.

Tip: Backup and restore of disk quota entries are in disk letter units, and note that only the disk partitions of the NTFS file system are available for backup and recovery.

3, mobile sharing, attention to permissions

Because of some needs, sometimes you have to move the shared folder to a different directory. Although the replication operation is simple, copying the user access rights information contained in the shared folder with the specific shared files is not a common replication operation. Using the XCOPY command is a good solution to this problem.

The author takes the CCE shared folder in D disk as an example, and copies the shared file and the user access information it contains to the CCEB shared folder in D disk. After you run the Xcopy CCE cceb/o/S command at the d:> prompt in the command Prompt window, you can copy the CCE shared folder and the user access rights information that you have included to the CCEB shared folder. Where the "/o" parameter represents "copy ownership and ACL information for a file", "/S" means "replicate directories and subdirectories."

4, preparedness, backup ACL

If the shared folder contains ACL information (user access rights) accidentally lost, it is difficult to recover from memory alone, but also may cause omissions, to the shared folder to leave a security risk. The user can then use the cacls command to do a backup of the ACL information for these shared folders.

As an example of a shared folder in D disk CCE, which contains a large amount of ACL information, the following uses the CACLS command to back up all ACL information in this shared folder. When you switch to the d:> prompt in the command Prompt window, run the cacls d:cce/t > D:aclscce.txt command, back up the ACL information that is contained in the shared folder CCE to the "aclsCCE.txt" file in D disk. When the ACL information is accidentally lost, the access rights of the CCE shared folder can be reset according to the ACL information in the backup file "AclsCCE.txt", which avoids the omission of some ACL information and ensures the security of the shared folder.

A, copying or moving in the same NTFS compartment

When copied to a different folder in the same NTFS compartment, its access rights are not the same as the access rights of the original file or folder. However, the access rights of a file or folder that are moved in the same NTFS compartment are unchanged, inheriting permissions that were previously not before being moved.

b, copying or moving in different NTFS intervals

Copying file or folder access permissions in different NTFS intervals changes, and the copied files do not inherit the original permissions, but instead inherit the target (new) folder's access rights. Similarly, if you move a file or folder in different NTFS intervals, access rights change as you move, and you inherit the permissions of the folder in which it was moved.

c, copying or moving from an NTFS partition to a FAT format partition

Because a file or folder in fat format does not have permission settings at all, the original file or folder does not have access rights.

Note : More attention to the computer Tutorials section, triple Computer office group: 189034526 welcome you to join

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.