1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

2 Q's RE: NTFS modify & write perms.

Discussion in 'General Microsoft Certifications' started by mjtibbs, Feb 21, 2007.

  1. mjtibbs

    mjtibbs Bit Poster

    Hi guys,

    Ok this has been bugging me for a while. I am talking NTFS security perms here (not sharing perms).

    1) is there any difference between Allow - Modify and Allow - Write?

    in other words,

    does Allow - Modify only let you modify existing files but does not let you create new files?

    and does Allow - Write only let you create new files & write to these new files but not let you modify existing files?

    if this is not the case, and Allow - Modify & Allow - Write both let you create new files and modify existing files, then why have MS created these as two "seperate" permissions.

    its kind of confusing.

    ok 2nd Q)

    -lets say we share c:\docs as "docs" and we only want users to be able to modify thier OWN files.

    so we assign Allow - Modify on c:\docs for, say the "accountants" group..... but this would mean each user in the accountants group can modify any file within that folder.....

    how would I go about locking this down, so users can only modify their OWN files?

    many thanks for any assistance.

    Certifications: MCSA, OSCP, MCTS Config SharePoint 2007
  2. Fergal1982

    Fergal1982 Petabyte Poster

    Firstly i believe you are correct, Modify lets you change existing files, write allows you to create new files in the area.

    Secondly, you could apply write permissions to the creator/owner - since they created the file that would be them

    Edit: Just to update on that, in the security tab, click add, and type creator then hit ok. you will get two options, creator group and creator owner. The option you are looking for is creator owner. you can then apply the necessary rights. but this way you would need to apply it to each file individually,

    you should also be able to go into the advanced section, hit add and select the creator owner group, then in the dropdown for permissions select 'Subfolders and Files only', tick the boxes for the appropriate permission (full control perhaps? or maybe just modify). this would apply to the folders (not selecting 'this folder' should, i believe prevent them from doing anything to the folder itself but i couldnt say for sure). Play around with these settings to get the desired effect, i normally just apply group level permissions, so im not entirely sure about this level of the permission application
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  3. mjtibbs

    mjtibbs Bit Poster

    ok thanks alot for that ;)
    Certifications: MCSA, OSCP, MCTS Config SharePoint 2007

Share This Page