How do you grant read-only permissions on NTFS Security settings?


The minimum permission required to read a folder's permissions (DACL) is READ_CONTROL ("Read Permission"). If you also want to be able to view the folder's subfolders, FILE_LIST_DIRECTORY ("List Folder") is required.

But beware: When set on a directory, FILE_LIST_DIRECTORY gives you the right to list the children, but when set on a file it allows you to read the content.

So you probably want to use FILE_LIST_DIRECTORY+READ_CONTROL, set that on a root directory and have the permissions apply (inherit) to subfolders only, but not to files.

With SetACL you could set such permissions like this:

SetACL -on PathToDirectory -ot file -actn ace -ace "n:UserOrGroup;p:list_dir,read_dacl;i:sc"
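
The same grant expressed with the .NET access-control classes from PowerShell, followed by a check that no file carries an ACE for the group with the read-data bit. This is an added example, not part of the original answer; the path D:\Data and the group CONTOSO\AclAuditors are hypothetical placeholders.

```powershell
# Added example. The defaults for $Path and $Identity are hypothetical placeholders.
param(
    [string]$Path     = 'D:\Data',
    [string]$Identity = 'CONTOSO\AclAuditors'
)
$fsr = [System.Security.AccessControl.FileSystemRights]

# FILE_LIST_DIRECTORY (folders) and FILE_READ_DATA (files) share access-mask bit 0x1,
# so this ACE must not be inherited by files.
if ([int]$fsr::ListDirectory -ne [int]$fsr::ReadData) { throw 'Unexpected access-mask values' }

# READ_CONTROL + FILE_LIST_DIRECTORY, applied to this folder and its subfolders only.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Identity,
    [System.Security.AccessControl.FileSystemRights]'ListDirectory, ReadPermissions',
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,  # no ObjectInherit
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -LiteralPath $Path
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Verify: list files where an Allow ACE naming $Identity includes bit 0x1 (read data).
# Only ACEs for $Identity itself are inspected; access the members get through
# other groups is not covered by this check.
$leaks = Get-ChildItem -LiteralPath $Path -Recurse -File | Where-Object {
    (Get-Acl -LiteralPath $_.FullName).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band [int]$fsr::ReadData)
    }
}

if ($leaks) {
    Write-Warning "Files readable through an ACE for ${Identity}:"
    $leaks | ForEach-Object { $_.FullName }
} else {
    Write-Output "No file carries a read-data ACE for $Identity."
}
```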


Author: Chum

Updated on September 17, 2022

Comments

  • Chum
    Chum over 1 year

    Is it possible to create a security group that can read who has permission to do what on NTFS folders but without granting Full Control or letting the group open files within those folders?

  • Chum
    Chum about 13 years
    Thank you for the advice. Will test. Your SetACL tool looks interesting also.
  • Helge Klein
    Helge Klein about 13 years
    Please consider marking useful and/or correct answers as such (at the left of each answer).
  • Chum
    Chum about 13 years
    Done - thanks again. When my rep goes up I will upvote your answer too. :)
  • Dogmatixed
    Dogmatixed about 13 years
    What is the difference between List Folder and Traverse Folder in this context?
  • Helge Klein
    Helge Klein about 13 years
    Please open a new thread for new questions. Anyway, here is the answer: "For folders: The Traverse Folder permission applies only to folders. This permission allows or denies the user from moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders. Traverse Folder takes effect only when the group or user is not granted the Bypass Traverse Checking user right. The Bypass Traverse Checking user right checks user rights in the Group Policy snap-in." [From support.microsoft.com/kb/308419]