During Creation or as part of the system administration, it is possible to add or alter the permissions associated with users or groups on the NTFS based system. This can allow the administrator the ability to control which user or group can access certain files or folders. It can also limit what control they can have over files or folders.
As part of the default system settings, the administrator is able to assign the user or group one of the following standard permissions:
Full Control – The ability to carry out any task with the file including open, write, alter and execute files, including changing the attributes and permissions of the file and to take ownership of it;
Modify – The ability to read, write and alter files as well as execute them and change their attributes;
Read and Execute – The ability to open the file and to execute it. The ability to view but not to alter the content, permissions or attributes of the file;
Read – The ability to open a file and to view the permissions and attributes of the file but not to alter the content, permissions or attributes of the file;
Write – The ability to write and alter the file as well as to read and change the file attributes;
List Folder Contents – Is the ability to display the content of a folder as well as the the content, permissions or attributes of it.
Changing the Permission of a File or Folder
The permissions of a file or folder can be altered by selecting it and using right click and select properties and then accessing the Security tab. The ‘edit’ tab is then selected. The ‘Group’ or ‘User names’ tab contains the different groups or users within the system and they can be selected according to which requires alteration.
The ‘Permissions for’ the file or folder can then be displayed in the lower window with the ability to be altered using the ‘tick’ boxes ‘Allow’ and ‘Deny’ under each permission.
When adjusting the permissions of users within a system with multiple users, it is normal that those users would be separated into ‘groups’ in order that each group can all be edited, rather than needing to edit each individual user.
When granting permissions to folders, it is possible to limit those permissions to the specific folder or to the sub-folders within it. The granting of permissions to a specific folder is named an ‘Explicit Permission’. The permissions granted to a folder as a result of the permissions of the directory above it being altered are referred to as ‘Inherited Permissions’.
In order to prevent the permissions of all sub-folders within the directory being altered, it is possible to set “Replace all existing inheritable permissions on all descendants with inheritable permissions from this object” (or “Disable Inheritance” within later operating systems) within the Advanced Security Settings Tab.
By default, all files created within a folder are given the same permissions of the folder that they are stored to. If the main folder has specific permissions and the sub-folder permissions differ then any files created within the sub-folder will reflect those permissions of the sub-folder rather than the main directory.
If a file permission is checked then the permissions of it have been specifically assigned, if they are shared then they have been assigned as a result of a parent folder and if they are clear then no permissions have been set.
Where it is possible to Allow a user permissions to a file or folder, it is also possible to ‘Deny’ permissions and, if that has occurred then any ‘Allow’ permissions will be over ruled by ‘Deny’.
If a user is a member of different groups and the permissions of a file differ between those groups then the permission given to that user will be the highest level permitted.
Therefore, if within 1 group the file could be ‘Read’ but within another group the same user was able to ‘Modify’ the file, then the user would be able to modify it.
If a Permission of a file was set to ‘Deny’ within either group that the user belonged to then the ‘Deny’ permission would over rule the ‘Allow’ within the other group.
When files or folders are copied or moved to another volume or device they will adopt the same permissions as set on the drive that they have been transferred to. If the file or folder is moved to a different location on the same volume or device then they will keep the same permissions that were originally assigned to it.
An owner of a file or folder is able to control what permissions are set for it. If ownership of a file or folder has been removed or altered then it is possible for an Administrator to return the ownership by selecting the file and using the Security and Advanced/Owner tab and using the ‘Change Owner to’ option, if the user/group is listed within the ‘Permission entries’ window or ‘Enter the object name to select (examples)’ if the user/group is not listed.
If alteration of the permissions for all files/sub-folders within the parent directory is required then select ‘Replace all child permission entries with inheritable permission entries from this object’.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0330 123 4448 or
via email on email@example.com, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any
computer forensic investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited
to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.