The information in this article applies to:
- Permissions for Files and Folders
- Special Permissions Defined
- Traverse Folder/Execute File
- List Folder/Read Data
- Read Attributes
- Read Extended Attributes
- Create Files/Write Data
- Create Folders/Append Data
- Write Attributes
- Write Extended Attributes
- Delete Subfolders and Files
- Delete
- Read Permissions
- Change Permissions
- Take Ownership
- Synchronize
- Set, View, Change, or Remove Special Permissions for Files and Folders
- Troubleshooting
In Windows XP, you can apply special access permissions to files or folders
that are located on NTFS file system volumes. Special access permissions are
customizable sets of permissions. This article describes how to set, view,
change, or remove special permissions for files and folders.
back to the top
Folder permissions include Full Control , Modify , Read &
Execute , List Folder Contents , Read , and Write .
Each of these permissions consist of a logical group of special permissions that
are listed and defined in the following sections.
NOTE : This article assumes that you are using Windows XP on a domain. By
default, simplified sharing is enabled in Windows XP if you are not connected to
a domain, which means that the Security tab and advanced options for
permissions are not available.
If you are not joined to a domain and want to view the Security tab, view
the Set, View, Change, or Remove
Special Permissions for Files and Folders section in this article.
The following table describes file and folder special permissions.
Special Permissions | Full Control | Modify | Read & Execute | List Folder Contents | Read | Write |
---|---|---|---|---|---|---|
Traverse Folder/Execute File | yes | yes | yes | yes | no | no |
List Folder/Read Data | yes | yes | yes | yes | yes | no |
Read Attributes | yes | yes | yes | yes | yes | no |
Read Extended Attributes | yes | yes | yes | yes | yes | no |
Create Files/Write Data | yes | yes | no | no | no | yes |
Create Folders/Append Data | yes | yes | no | no | no | yes |
Write Attributes | yes | yes | no | no | no | yes |
Write Extended Attributes | yes | yes | no | no | no | yes |
Delete Subfolders and Files | yes | no | no | no | no | no |
Delete | yes | yes | no | no | no | no |
Read Permissions | yes | yes | yes | yes | yes | yes |
Change Permissions | yes | no | no | no | no | no |
Take Ownership | yes | no | no | no | no | no |
Synchronize | yes | yes | yes | yes | yes | yes |
IMPORTANT : Groups or users who are granted Full Control on a
folder can delete any files in that folder, regardless of the permissions that
protect the file.
NOTE : Although List Folder Contents and Read & Execute
appear to have the same special permissions, these permissions are inherited
differently. List Folder Contents is inherited by folders but not files,
and it only appears when you view folder permissions. Read & Execute is
inherited by both files and folders and is always present when you view file or
folder permissions.
NOTE : In Windows XP Professional, the Everyone group does not
include the Anonymous Logon group.
back to the top
You can set any or all of the following special permissions on files and
folders.
back to the top
For folders : The Traverse Folder permission allows or denies
the user from moving through folders to reach other files or folders, even if
the user has no permissions for the traversed folders (applies only to folders).
Traverse Folder takes effect only when the group or user is not granted
the Bypass Traverse Checking user right which checks user rights in the
Group Policy snap-in. By default, the Everyone group is given the
Bypass Traverse Checking user right.
For files : The Execute File permission allows or denies program
files the are running (applies only to files).
Setting the Traverse Folder permission on a folder does not automatically
set the Execute File permission on all files in that folder.
back to the top
The List Folder permission allows or denies the user from viewing file
names and subfolder names in the folder. The List Folder permission
affects only the contents of that folder and does not affect whether the folder
that you are setting the permission on is listed. This applies only to folders.
The Read Data permission allows or denies viewing data in files (applies
only to files).
back to the top
The Read Attributes permission allows or denies the user from viewing
the attributes of a file or folder, such as read-only and hidden. Attributes are
defined by the NTFS file system.
back to the top
The Read Extended Attributes permission allows or denies the user from
viewing the extended attributes of a file or folder. Extended attributes are
defined by programs and may vary by program.
back to the top
The Create Files permission allows or denies the user from creating
files in the folder (applies only to folders).
The Write Data permission allows or denies the user from making changes
to the file and overwriting existing content (applies only to files).
back to the top
The Create Folders permission allows or denies the user from creating
folders in the folder (applies only to folders).
The Append Data permission allows or denies the user from making changes
to the end of the file but not changing, deleting, or overwriting existing data
(applies only to files).
back to the top
The Write Attributes permission allows or denies the user from
changing the attributes of a file or folder, such as read-only or
hidden . Attributes are defined by the NTFS file system.
The Write Attributes permission does not imply creating or deleting files
or folders, it includes only the permission to make changes to the attributes of
a file or folder. To allow or deny create or delete operations, see Create
Files/Write Data , Create Folders/Append Data , Delete Subfolders
and Files , and Delete .
back to the top
The Write Extended Attributes permission allows or denies the user
from changing the extended attributes of a file or folder. Extended attributes
are defined by programs and may vary by program.
The Write Extended Attributes permission does not imply that the user can
create or delete files or folders, it includes only the permission to make
changes to the attributes of a file or folder. To allow or deny create or delete
operations, view the Create Files/Write Data , Create Folders/Append
Data , Delete Subfolders and Files , and Delete sections in
this article.
back to the top
The Delete Subfolders and Files permission allows or denies the user
from deleting subfolders and files, even if the Delete permission is not
granted on the subfolder or file. This permission applies only to folders.
back to the top
The Delete permission allows or denies the user from deleting the file
or folder. If you do not have Delete permission on a file or folder, you
can delete it if you are granted Delete Subfolders and Files on the parent
folder permissions.
back to the top
The Read Permissions permission allows or denies the user form reading
permissions about the file or folder, such as Full Control , Read
, and Write .
back to the top
The Change Permissions permission allows or denies the user from
changing permissions on the file or folder, such as Full Control ,
Read , and Write .
back to the top
The Take Ownership permission allows or denies the user form taking
ownership of the file or folder. The owner of a file or folder can change
permissions on it, regardless of any existing permissions that protect the file
or folder.
back to the top
The Synchronize permission allows or denies different threads to wait
on the handle for the file or folder and synchronize with another thread that
may signal it. This permission applies only to multiple-threaded,
multiple-process programs.
back to the top
To set, view, change, or remove special permissions for files and folders:
CAUTION : If you click to select the Replace permission entries on
all child objects with entries shown here that apply to child objects. Include
these with entries explicitly defined here check box, so that all subfolders
and files have all their permission entries reset to the same permissions as the
parent object. After you click Apply or OK , you cannot undo this
operation if you click to clear the check boxes.
Important : If you are not joined to a domain and want to view the
Security tab:
Notes :
If the Security tab is not available and you cannot configure special permissions for users and groups:
For additional information about file and folder permissions, click the article number below to view the article in the Microsoft Knowledge Base:
Q308418 HOW TO: Set, View, Change, or Remove File and Folder Permissions