All about File and Folder Permissions in Windows

In the process of using a computer running Windows operating system, you have probably seen the message dialog box appear as shown below when you enter a certain folder, right?

And here again…

Many of you already understand what this announcement is – especially the readers of the Knowledge Sharing Blog

However, there are also many newbers who do not know what this error is and why it is so. That’s why today, I will explain almost fully about the file and folder permissions in the Windows operating system.

If you do not know anything or are looking to learn, perhaps this is a very useful article for you. Okay, now we’re going to jump right into the main content:

#first. Overview of File / Folder permissions on Windows

First, you need to know that File and Folder permissions in Windows do not support hard drive formats such as FAT, FAT16, FAT32 or exFat. Currently, File and Folder permissions only support NTFS and ReFS formats.

Normally, computers with operating systems from Windows 2000 to Windows 10 all use NTFS format instead of FAT32 format, so almost any machine can decentralize File and Folder permissions.

So what are the advantages of file and folder permissions?

First of all, you can control whether someone in another account (User) has the permission to Read, Write or Delete the file or folder you want.

At the same time, it is also a solid wall in front of User rights accounts (not Admin accounts) that cannot damage folders or system files.

Reading this far, people will ask: So why not use file or folder encryption, isn’t it safer? Now, just having a USB BOOT is enough to break the Windows computer’s pass easily, then decentralization doesn’t work anymore?

In my opinion, encryption is always for very important data, and needs high security.

Therefore, the decentralization in Windows, although not as secure as encryption, is much more flexible because it is possible for others to view the file but not be allowed to edit it, or allow viewing and editing the file but files cannot be deleted…

Therefore, each method has its own advantages and disadvantages. It will be suitable for different needs and purposes.

#2. Basic instructions on decentralization on Windows

+ Step 1: First right-click on the File or Folder that you need to authorize => then click Properties. Then you switch to tab Security => and choose Advanced.

+ Step 2: Next press Add.

+ Step 3: Continue, you click Select a principal.

+ Step 4: Now enter your account name or click Advanced... if you do not remember the account name to be authorized.

Then you press Find Now to find the account => Then you press OK.

Note: Please pay attention to the account icon in front of the account name to avoid confusing accounts and account groups.

• one person icon: It’s a regular account. For example: Cyber, User1,…
• two person icon: As a group of accounts. For example: Administrators, Users,…
• single person icon but with a downward arrow: A regular account but disabled, usually an account created by Windows itself. For example: Administrator, Guest, DefaultAccount,…

+ Step 5: Next you pay attention to the part Type. There will be 2 options Allow (allow) or Deny (do not allow).

In the section Applies to, we have the following options:

• This folder, subfolders and files: Applies to this folder, its subfolders, and the files it contains.
• This folder only: Applies to this folder only.
• This folder and subfolders: Applies only to this folder and its subfolders.
• This folder and files: Applies only to this folder and the files it contains.
• Subfolders and files only: Only applies to subfolders and files contained in this folder.
• Subfolders only: Only applies to subfolders contained in this folder.
• Files only: Only applies to files in this folder.

Go to section Basic Permissions have the following options:

• Read: Allows viewing the names of files, folders and subfolders, allows copying, reading files and folders.
• Write: Provide all Read permissions, allow to create more folders, add files, delete files.
• List folder contents: Allows viewing the names of files, folders and subfolders, when selected will automatically tick Read & execute and Read.
• Read & execute: Allow to install or run the file, when selected, it will automatically tick Read, List folder contents.
• Modify: Allows viewing file names, folders and subfolders, allows full rights to edit or execute files and folders, when selected will automatically add all remaining permissions, except Full Control.
• Full Control: All rights in Modify, are allowed to edit permissions or change the owner (Take Ownership), when selected will automatically add all remaining rights. In general, when you select Full Control, you will have full rights.

=> After setting is complete, press OK to complete.

And if you decentralize Deny A message will appear as follows:

You just choose OK To confirm. Continue pressing Apply => OK => and OK. So you have the right to complete.

#3. Instructions for advanced permissions on Windows

Now I will give an advanced guide to decentralization.

Customize permissions: LIVE Bước 5 in section #2 above, we will click Show advanced permissions.

We can customize the following permissions:

• Full Control: All permissions, when selected, will automatically tick all the remaining permissions.
• Traverse Folder / Execute file: Permission to run and execute files.
• List Folder / Read data: View file and folder names.
• Read attributes: Read file or folder properties.
• Read extended attributes: Read advanced file or folder properties.
• Create files / write data: Allowed to add files to the folder.
• Create folders / append data: Allow to create or add folders.
• Write attributes: Edited file or folder properties.
• Write extended attributes: Edit advanced file or folder properties.
• Delete subfolders and files: Allow to delete files and subfolders of this folder.
• Delete: Allow to delete this folder.
• Read permissions: Read the list of permissions for this folder.
• Change permissions: Allow editing permissions.
• Take ownership: Allow to edit folder owner.
• Change ownership of files and folders (Take Ownership).

In the section Owner => you click select Change.

You select the account to transfer the permission => then click OK.

Continue pressing Apply => choose OK.

So you have successfully transferred file or folder permissions!

#4. Notes that you should know

• First, when decentralizing, you should only use the Administrator account. If you use a User account, you can still delegate permissions, but it can be easily taken over by the Admin account using Take Ownership.
• Many of you will ask why you have been authorized to use the software but still cannot run or install the software. The reason is that you are in the User account. Although you are authorized to use the file, you still need Admin rights to run the file.
• File or folder permissions only work on the OS that uses that permission. For example, if you move a folder or file with permissions to another computer or other operating system (eg Mini Windows), you will still have full access to that folder or file (unless the file or folder also has permissions on the computer). that computer or OS).
• Many times deleting a file is not possible even if you have Admin rights (usually manually delete important files or folders in Windows such as Windows folders, files, etc.). regedit.exe).

For example, according to the above pop-up content, you need to have permission TrustedInstaller to delete this file. So the right TrustedInstaller what?

This permission is only available when you install Windows (Use ISO file to install).

Therefore, there is no way to delete these files directly on that Windows, unless you use Mini Windows, another OS on the same computer, or modify it by installing or repairing Windows.

Cases where you can hijack File, Folder or open Full permission:

1. File or Folder is authorized by lower level account.
2. File or Folder is not damaged Deny permission Change Permissions.
3. The file or folder is not damaged Deny permission Take Ownership.

You can take a look at a few articles that have applied decentralization to handle some errors:

#5. Epilogue

Thus, I have introduced and provided quite complete instructions on decentralization in Windows. Wish you success! And hope everyone will comment so that I will improve in the next posts.

CTV: Hoang Tuan – techtipsnreview