NTFS Permissions

To adjust permissions on an folder in Windows (while you’re logged in as your AD account), right-click on the folder and:

  • Choose the “Properties” menu
  • Click the “Security” tab
  • Click on a user, and click “Edit“, and checkboxes below will show exactly which permissions they have.
  • Choose “Add” to add a new user, or “Remove” to remove a user’s access. If you are given a permission denied message, then you do not have permission to modify them, and you should contact ENGIT or one of the users listed above who *does* have modify permission, and they can change things for you.
  • Click “Apply” to apply the permissions.

If any of the boxes are grayed out, they are being inherited from a folder above, and you can not remove existing permissions without disinheriting the permissions from above. To do this, uncheck the box “include inheritable permissions from this object’s parent”, and choose to copy the permissions from above. (We recommend you avoid doing this on folders that already contain many files, since it can take a very long time for new permissions to propagate.)

When adding a new user, specify their Kerberos name in the window that pops up, and set their permissions by the checkboxes.

  • Full Control — User(s) can add, modify, move and delete files and directories, as well as change ownership and permissions settings for all files and subdirectories. In most cases, don’t set this but use Modify.
  • Modify — Users can view and read and write files and change there properties. Also add and remove files or folders.
  • List Folder Contents —Users can view and list files and subfolders as well as execute of files.
  • Read & Execute — Users can read files and run executable files.
  • Read — Users can view files, file properties and directories.
  • Write — Users can write and edit files and add to folders.

Set Permission to Traverse Folders

Remember that users will not be able to get to your folder unless they also have permissions to all folders above this one–this is particularly important to remember in the case of all subfolders under “BME Administration”–if the user is not a member of one of the groups that has permission to “BME Administration” (such as “BME Staff” or “BME Labs”), they will not be able to get to any subfolders, even if you have added them to the subfolder.