NTFS Permissions

Folder permissions, aka NTFS permissions, are something you should be familiar with, as they come up a lot when people move to new departments within the company or when new hires are added to teams. I won’t be going into the nitty-gritty, but this should be enough to get you comfortable.

What are NTFS permissions?

It’s somewhat self-explanatory. Permissions are rules that allow departments/employees to access certain folders with some limits. Below are the available permission options and a brief description of their functions.

File Permissions on a network Share

Picture this: an accounting new hire has just on-boarded. They have their laptop with all the necessary tools and file shares mapped, and now they are tasked with starting a new project in the accounting share. Our new hire just tried to add a new spreadsheet and is receiving an error.

You (IT Support) are shown this screenshot and now have to correct the issue. We know that this new hire is trying to create something in the share, so we need to confirm they at least have write permissions.

If you’re remoted into the user’s computer, right-click on the accounting share and select Properties.

Click on the Security tab. Here we can view the groups/users and the permissions they hold on the accounting share.

Going down the list of groups, we can click on each one to see how much power it holds in the share. Standard users have Read & Execute, but no write permissions.

Administrators have full control.

Math Nerds have modify permissions.

Now that we know the permissions of these groups, we can see that the only options with write permissions are Math Nerds and Administrators. If we add the new hire’s account to either of these groups, they’ll be able to do what they need to. Although both work, we need to follow something called the “principle of least privilege”. This simply means giving users the bare minimum access necessary to complete their tasks. In our case, this user has no need for full control permissions, so that leaves us with Math Nerds.

Let’s move to Active Directory. Do a global search for your user.

Now double click on the account, and in the new window click on the “Member Of” tab.

Here we can see this user is only part of one group, so let’s add them to the Math Nerds group. Click the add button, enter math nerds in the search box, then click check name.

The group should be discovered; now click OK.

Cool, this employee is now a member of Math Nerds.

They should have write permissions in the accounting share. Let’s confirm.

Looks like we’re all set. Our new hire was able to create a new file.
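
The same check and fix done from PowerShell, as an added example that is not part of the original post: it reads the share's ACL, leaves out Full Control entries, and proposes the narrowest write-capable AD group. The share path and account name are placeholders, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example. $SharePath and $UserSam are hypothetical placeholders.
Import-Module ActiveDirectory

$SharePath = '\\fileserver\accounting'   # assumed UNC path to the share
$UserSam   = 'newhire'                   # assumed sAMAccountName of the user
$FsRights  = [System.Security.AccessControl.FileSystemRights]

# Same data the Security tab shows: one entry (ACE) per group or user.
$writers = foreach ($ace in (Get-Acl -Path $SharePath).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $r = $ace.FileSystemRights
    if (-not $r.HasFlag($FsRights::Write)) { continue }   # e.g. Read & Execute only

    # Rank by breadth so the narrowest write-capable grant sorts first.
    $level = 1
    if ($r.HasFlag($FsRights::Modify))      { $level = 2 }
    if ($r.HasFlag($FsRights::FullControl)) { $level = 3 }
    [pscustomobject]@{
        Identity = $ace.IdentityReference.Value
        Rights   = $r
        Level    = $level
    }
}
$writers | Sort-Object Level | Format-Table -AutoSize

# Least privilege: ignore Full Control, take the narrowest entry that is an AD group.
$group = $null
foreach ($w in ($writers | Where-Object Level -lt 3 | Sort-Object Level)) {
    $name  = ($w.Identity -split '\\')[-1]               # strip the DOMAIN\ prefix
    $group = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if ($group) { break }
}
if (-not $group) { throw "No AD group below Full Control can write to $SharePath" }

# Only add the user if they are not already a direct member.
$current = Get-ADPrincipalGroupMembership -Identity $UserSam
if ($current.DistinguishedName -contains $group.DistinguishedName) {
    "$UserSam is already in '$($group.Name)'; escalate if the error persists."
} else {
    # -WhatIf only previews the change; remove it to apply.
    Add-ADGroupMember -Identity $group -Members $UserSam -WhatIf
}
```

Group membership is read when the user signs in, so the new hire needs to sign out and back in before the new access applies.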

If the error were to persist after adding our new hire to the correct groups, it’s likely a permission issue on the server’s side (separate topic, don’t worry about it) and the case would be escalated to the next level of support.

Final Thoughts

Permissions are an integral part of corporate IT and may be confusing at first, but the more exposure you have, the easier it gets to troubleshoot. Bonus tip: any access denied error relates to permissions somehow. Other than network shares, you’ll probably encounter them with online resources, and those resources can also rely on groups to grant permissions. It may or may not be an Active Directory group, so consider reaching out to the administrators of those other resources if you yourself don’t have access.

If you have suggestions for future topics you would like to see covered, feel free to send an email through the “contact” page!
