Results 1 to 4 of 4
  1. #1
    New Lounger
    Join Date
    Feb 2013
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    NTFS "write attribute" permissions

    So I'm working with NTFS permissions, trying to get granular control....and I'm not really seeing it. For instance, I've run across a situation where I want to stop users who have modify rights (Traverse folder/execute file; List folder/ read data; Read attributes; Read extended attributes; Create Files/write data; create folder/append data; write attributes; write extended attributes; delete subfolders and files; delete; read permissions) to this folder, subfolders, and files from changing the attributes on the files and/or folders, specifically the hidden attribute. So, I uncheck the "write attributes" box, which from what I've read, should do the trick. What does it do? It makes it so they can't modify the attributes, sure, but it also makes it so they cannot modify the files or folders. They are all locked in read only mode. So it seems that in disabling the write attributes permission, it also disables their ability to write to the file entirely. Is this just the way it is? Or am I missing something? I can duplicate this on my own workstation at home which is a Windows 7 client. Any help is appreciated, I'm lost. Thanks.

    Note: This is a Server 2008 R2/Windows 7 environment
    Last edited by mjkcal; 2013-02-08 at 20:29.

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Gold Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,498
    Thanks
    7
    Thanked 220 Times in 208 Posts
    NTFS is not that granular. If you allow users to write to a folder they can pretty much do what they want. The only thing I refuse to grant users is Full Control because I don't want them to play with permissions - they always stuff it up.

    cheers, Paul

  4. #3
    New Lounger
    Join Date
    Feb 2013
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for replying. I suppose I don't even understand the point of having the check box for it then, if the functionality doesn't work without impacting other access. I suppose it is what it is, though.

  5. #4
    Gold Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,498
    Thanks
    7
    Thanked 220 Times in 208 Posts
    I suspect that the limit on what NTFS allows doesn't translate into what Windows thinks it can do. That's why I always tell users that they can have either of two things, do anything or read only. Anything else is just too hard to implement and the users end up not understanding what they can and can't do. The one exception to that rule is a blind write folder, where you can write but not read - useful for transferring data into a common location whilst maintaining confidentiality of the data.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •