• NTFS “write attribute” permissions


    #487687

    So I’m working with NTFS permissions, trying to get granular control… and I’m not really seeing it. For instance, I’ve run across a situation where I want to stop users who have modify rights (Traverse folder/execute file; List folder/read data; Read attributes; Read extended attributes; Create files/write data; Create folder/append data; Write attributes; Write extended attributes; Delete subfolders and files; Delete; Read permissions) to this folder, subfolders, and files from changing the attributes on the files and/or folders, specifically the hidden attribute. So, I uncheck the “write attributes” box, which from what I’ve read, should do the trick. What does it do? It makes it so they can’t modify the attributes, sure, but it also makes it so they cannot modify the files or folders. They are all locked in read-only mode. So it seems that in disabling the write attributes permission, it also disables their ability to write to the file entirely. Is this just the way it is? Or am I missing something? I can duplicate this on my own workstation at home, which is a Windows 7 client. Any help is appreciated, I’m lost. Thanks.

    Note: This is a Server 2008 R2/Windows 7 environment

    • #1373863

      NTFS is not that granular. If you allow users to write to a folder they can pretty much do what they want. The only thing I refuse to grant users is Full Control because I don’t want them to play with permissions – they always stuff it up.

      cheers, Paul

    • #1373990

      Thanks for replying. I suppose I don’t even understand the point of having the check box for it then, if the functionality doesn’t work without impacting other access. I suppose it is what it is, though.

    • #1374032

      I suspect that the limit on what NTFS allows doesn’t translate into what Windows thinks it can do. That’s why I always tell users that they can have either of two things, do anything or read only. Anything else is just too hard to implement and the users end up not understanding what they can and can’t do. The one exception to that rule is a blind write folder, where you can write but not read – useful for transferring data into a common location whilst maintaining confidentiality of the data.

      cheers, Paul
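
The behaviour described in the original question can be reproduced on paper with a simplified model of the access check. This is an added example, not code from any poster in the thread. It assumes a single allow ACE, no deny entries, and that SYNCHRONIZE is granted alongside the listed rights; the bit values are the access-right constants from the Windows SDK header winnt.h, and the "data-only" request is a hypothetical caller that asks for less than generic write.

```python
# Simplified model of the NTFS access check for one allow ACE (added example).
# Bit values are the access-right constants from the Windows SDK (winnt.h).
RIGHTS = {
    "FILE_READ_DATA":        0x000001,  # List folder / read data
    "FILE_WRITE_DATA":       0x000002,  # Create files / write data
    "FILE_APPEND_DATA":      0x000004,  # Create folders / append data
    "FILE_READ_EA":          0x000008,  # Read extended attributes
    "FILE_WRITE_EA":         0x000010,  # Write extended attributes
    "FILE_EXECUTE":          0x000020,  # Traverse folder / execute file
    "FILE_DELETE_CHILD":     0x000040,  # Delete subfolders and files
    "FILE_READ_ATTRIBUTES":  0x000080,  # Read attributes
    "FILE_WRITE_ATTRIBUTES": 0x000100,  # Write attributes
    "DELETE":                0x010000,  # Delete
    "READ_CONTROL":          0x020000,  # Read permissions
    "SYNCHRONIZE":           0x100000,  # Assumption: granted with the rights above
}

def mask(*names):
    """OR together the named rights into one access mask."""
    m = 0
    for n in names:
        m |= RIGHTS[n]
    return m

# What a GENERIC_WRITE request becomes for a file object (FILE_GENERIC_WRITE).
FILE_GENERIC_WRITE = mask("READ_CONTROL", "FILE_WRITE_DATA", "FILE_APPEND_DATA",
                          "FILE_WRITE_EA", "FILE_WRITE_ATTRIBUTES", "SYNCHRONIZE")

# The rights listed in the question, then the same ACE with the box unchecked.
GRANTED_AS_POSTED = mask(*RIGHTS)
GRANTED_NO_WRITE_ATTR = GRANTED_AS_POSTED & ~RIGHTS["FILE_WRITE_ATTRIBUTES"]

def missing_rights(granted, desired):
    """Names of requested rights the ACE lacks; an empty list means the open succeeds."""
    lacking = desired & ~granted
    return [n for n, bit in RIGHTS.items() if lacking & bit]

if __name__ == "__main__":
    narrow = mask("FILE_WRITE_DATA", "FILE_APPEND_DATA")  # hypothetical data-only request
    for label, granted in (("as posted", GRANTED_AS_POSTED),
                           ("write attributes unchecked", GRANTED_NO_WRITE_ATTR)):
        print(label)
        print("  generic write denied for:",
              missing_rights(granted, FILE_GENERIC_WRITE) or "nothing")
        print("  data-only write denied for:",
              missing_rights(granted, narrow) or "nothing")
```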
