Windows XP Disk Management

  

Using NTFS Permissions

Anyone who used Windows 95 or Windows 98 knows that when a computer is shared among several people, others can easily view your files: every user has the same rights to the same file, so there is effectively no security at all. Have you ever wanted to grant different access rights to different users, without resorting to third-party software, to improve the security of each user's files? In Windows 2000 and the recently released Windows XP, this problem is easily solved with the NTFS file system.

A. How to use NTFS permissions

First, browse to the "PC any line" folder on drive E, right-click it and select "Properties". In the Properties dialog box that appears, select the "Security" tab, as shown in Figure 1. The system has granted Full Control to the Everyone group. This is because when a disk partition is formatted with NTFS in Windows XP, the system automatically grants the Everyone group Full Control, and all files and folders created on that partition inherit this Full Control permission.

Figure 1 Attributes

At this point, if you make no changes, the folder is no better protected than on a FAT partition under Windows 98: basically no security at all. If the permission list at the bottom is greyed out and cannot be modified, the folder is inheriting its permissions from the parent folder. To modify inherited permissions, click the "Advanced" button at the bottom of Figure 1 to open the folder's Advanced Security Settings dialog box. Near the bottom of that dialog box is the check box "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here", which controls permission inheritance. Clear this check box and a dialog box pops up, as shown in Figure 2. If you choose Copy, the folder keeps the permissions it has inherited from the parent folder but will not inherit the parent folder's permissions in the future. If you choose Remove, all permissions inherited from the parent folder are deleted and only the permissions set explicitly on this folder are kept. Because we have not yet granted any permissions on this folder, choose Copy, then click OK to return to the security properties dialog box of the "PC any line" folder. The permissions of the Everyone group can now be changed; set them to "Read".

Figure 2 Security Tab Features

With the default permissions of the Everyone group modified, the next step is to authorize other users. In the dialog box shown in Figure 1, click the "Add" button in the middle; the Select Users or Groups dialog box pops up. Click "Advanced", leave all settings unchanged, then click "Find Now". After a moment, all users and groups on the machine are listed at the bottom. Select a user and click "OK" to return. The user now appears in the folder's security properties dialog box, and you can set that user's permissions in the same way as above. Assign different permissions to different users, so that when a user accesses the folder again, he can use only the permissions given to him and can no longer do whatever he wants.

In general, a file system configured this way is safer. For finer-grained permissions, use the folder's Advanced Security Settings dialog box: double-click a user name to open the permission entry dialog box (Figure 3). As the figure shows, the basic permissions are broken down further. For example, "Read" is refined into four items: "Traverse Folder/Execute File", "List Folder/Read Data", "Read Attributes" and "Read Extended Attributes". Here you can make more detailed settings.

Figure 3 Permission Entry dialog box
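The Copy/Remove choice and the edits from section A, modelled in Python as an added example (not code from the original article); it shows why Remove would leave this folder with no entries at all. The `Ace` model, the account `alice` and the "Modify" grant are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Ace:
    trustee: str      # user or group name
    rights: str       # "Full Control", "Modify", "Read", ...
    inherited: bool   # True if the entry came from the parent folder

def break_inheritance(acl, mode):
    """Model clearing the inherit check box and answering the Copy/Remove prompt."""
    if mode == "copy":
        # Inherited entries are kept, but become this folder's own entries.
        return [replace(a, inherited=False) for a in acl]
    if mode == "remove":
        # Inherited entries disappear; only explicitly set ones remain.
        return [a for a in acl if not a.inherited]
    raise ValueError("mode must be 'copy' or 'remove'")

def set_rights(acl, trustee, rights):
    """Set one trustee's entry; inherited (greyed-out) entries cannot be edited."""
    if any(a.trustee == trustee and a.inherited for a in acl):
        raise PermissionError(f"{trustee}: entry is inherited and greyed out")
    kept = [a for a in acl if a.trustee != trustee]
    return kept + [Ace(trustee, rights, inherited=False)]

# Constructed starting state: the folder only inherits Everyone: Full Control.
START = [Ace("Everyone", "Full Control", inherited=True)]

def harden(acl):
    """The article's sequence: Copy, lower Everyone to Read, add one user."""
    acl = break_inheritance(acl, "copy")
    acl = set_rights(acl, "Everyone", "Read")
    return set_rights(acl, "alice", "Modify")   # hypothetical account and grant

if __name__ == "__main__":
    print(harden(START))
    print(break_inheritance(START, "remove"))   # empty list: nobody is granted access
```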

B. Some Features of NTFS Permissions

Permissions Are Cumulative

For example, a user has Read permission on a file and also belongs to a group that has Write permission on the same file. The user then has both Read and Write permission on the file.

File Permissions Override Folder Permissions

If a user has Write permission on a file but only Read permission on the folder that contains it, the user can still write to the file, because file permissions take precedence over folder permissions.

Deny Permissions Override Everything

When granting permissions we normally set what users are allowed to do and leave the Deny entries unset, but a Deny permission overrides any other permission. If you want a user to have no access to a folder, set Deny on the folder for that user; the user is then denied access even if a group the user belongs to is allowed access. Deny is thus the exception to the rule that permissions accumulate.
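The three rules of section B applied to one user and one file, as an added Python example (not part of the original article). It models the rules as the article states them, not the Windows access-check algorithm; the accounts `bob` and `staff` and the ACL tuples are constructed for illustration.

```python
def effective_rights(user, groups, file_acl, folder_acl):
    """Apply the article's three rules for one user and one file.

    An ACL is a list of (trustee, "allow" | "deny", set_of_rights).
    file_acl is None when the file has no entries of its own.
    """
    identities = {user, *groups}
    # Rule 2: entries set on the file take precedence over the folder's.
    acl = file_acl if file_acl is not None else folder_acl
    allowed, denied = set(), set()
    for trustee, kind, rights in acl:
        if trustee not in identities:
            continue
        # Rule 1: allows for the user and for every group accumulate.
        (allowed if kind == "allow" else denied).update(rights)
    # Rule 3: a deny removes the right no matter who allowed it.
    return allowed - denied


def scenarios():
    """The three cases from section B, on constructed accounts and ACLs."""
    folder_read = [("bob", "allow", {"read"})]
    return {
        # bob may read; his group 'staff' may write: both apply
        "accumulate": effective_rights(
            "bob", ["staff"],
            [("bob", "allow", {"read"}), ("staff", "allow", {"write"})],
            folder_read),
        # write on the file, read-only on the folder: write still holds
        "file_over_folder": effective_rights(
            "bob", [], [("bob", "allow", {"write"})], folder_read),
        # the group is allowed, bob is denied: nothing is left
        "deny_wins": effective_rights(
            "bob", ["staff"], None,
            [("staff", "allow", {"read", "write"}),
             ("bob", "deny", {"read", "write"})]),
    }


if __name__ == "__main__":
    for name, rights in scenarios().items():
        print(f"{name}: {sorted(rights)}")
```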

C. Copying and Moving Files on NTFS

When an NTFS file or folder is copied, whether within the same partition or to another NTFS partition, the copy inherits the permissions of the destination folder. If you do not want it to inherit the destination folder's permissions, use the method described above. If you copy the file or folder to a FAT partition, its permissions are lost automatically. Note also that to copy a file or folder you must have Write permission on the target folder.

Moving a folder also requires Write permission on the target folder, and in addition Modify permission on the source folder. When a file or folder is moved within the same NTFS partition, its original permissions are preserved; when it is moved between different NTFS partitions, it inherits the target folder's permissions, as with copying. This is because moving the folder means copying the source folder, pasting it into the target folder, and then deleting the source folder.
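The copy and move rules of section C, simulated in Python as an added example (not part of the original article), so the case where a move to another partition silently replaces a restrictive ACL is visible. Drive letters, file names, the accounts `alice` and `staff` and the `Folder` model are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Folder:
    volume: str   # drive letter, e.g. "E:"
    fs: str       # "NTFS" or "FAT"
    acl: tuple    # permissions that new children of this folder inherit
    files: dict = field(default_factory=dict)   # file name -> its permissions

def copy_file(name, src, dst, rights):
    """Copy needs Write on the target; the copy takes the target's permissions."""
    if "write" not in rights["dst"]:
        raise PermissionError("copy needs Write on the target folder")
    dst.files[name] = dst.acl if dst.fs == "NTFS" else None   # None: lost on FAT

def move_file(name, src, dst, rights):
    """Move needs Write on the target and Modify on the source."""
    if "modify" not in rights["src"]:
        raise PermissionError("move needs Modify on the source folder")
    if src.volume == dst.volume:
        if "write" not in rights["dst"]:
            raise PermissionError("move needs Write on the target folder")
        dst.files[name] = src.files.pop(name)   # same partition: permissions kept
    else:
        copy_file(name, src, dst, rights)       # other partition: copy ...
        del src.files[name]                     # ... then delete the source

def demo():
    """Constructed folders on three drives; 'alice' and 'staff' are made-up names."""
    private = (("alice", "Modify"),)
    src = Folder("E:", "NTFS", (("Everyone", "Read"),),
                 {n: private for n in ("a.doc", "b.doc", "c.doc", "d.doc")})
    same = Folder("E:", "NTFS", (("staff", "Read"),))
    other = Folder("F:", "NTFS", (("Everyone", "Full Control"),))
    fat = Folder("G:", "FAT", ())
    rights = {"src": {"modify"}, "dst": {"write"}}   # caller's rights on each side
    copy_file("a.doc", src, same, rights)    # copy within E:
    move_file("b.doc", src, same, rights)    # move within E:
    move_file("c.doc", src, other, rights)   # move from E: to F:
    copy_file("d.doc", src, fat, rights)     # copy to a FAT partition
    return same.files, other.files, fat.files, sorted(src.files)

if __name__ == "__main__":
    print(demo())
```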

D. Best practices

1. To reduce the workload, grant permissions to groups rather than to individual users wherever possible; group permissions are much easier to manage than per-user permissions.

2. Group files together: for example, create a folder specifically for storing data and grant permissions on that folder, instead of setting permissions on every file.

3. Follow the principle of granting on demand: give users only the privileges they need and none that they do not need. This improves security.

4. When setting permissions on executable files, try to grant only Read and Execute and no other permissions; this can prevent damage from viruses to some extent.

If you run into the problem described at the beginning of this article at work, give the method described here a try!
