SLAC logo

Instructions for setting NTFS permissions

12 July, 2001
SLAC
NT Home
FAQ
 
Please contact your local administrator to properly set or review the permissions you need for your directories and files.

 Warning:

“Everyone” is removed from the permissions list as this would allow access to the insecure Guest account.  It is preferable to use “Authenticated Users”, if you wish to give access to all users with SLAC NT accounts.
 
Do not set your permissions to “Everyone: No Access” or “Authenticated Users: No Access”. 
If you wish to allow access to your directory:
If you wish to restrict access, it is best to follow Example 1 below:

Administrative accounts, such as 'System' and 'Administrators',  must be included in the permissions of directories and files on the network drive in order for administrative tasks to be performed (e.g., migration of data to larger volumes, anti-virus, etc.).

The recommended way to share files is by using the Groups Directory (V: drive).   We realize that a subset of users share files from each other's home directories.   These users need to explicitly set permissions to allow for this wider access.   To do so, you can use this script.  Unless you are familiar with NTFS permissions, please be cautious when resetting your permissions.   If you need help, please contact desktop-admin@slac.stanford.edu or your local administrator.

You can view or change the permissions to your directories and files using Windows NT Explorer.  Here are two examples on how to set proper permissions for commonly used directories.

Example 1:
Using Windows NT Explorer to set Permissions for your home directory.
 

1)From the “Start” button, select “Programs” -> “Windows NT Explorer”

2)Scroll down and right-click on the directory, folder or file that you want to set permissions on – your home directory in this case.

3)Select “Properties” from the context menu.

Select Properties Window
 
 

4)From the “Properties” screen, select the “Security” tab.

5)Click on the “Permissions” button.

Properties Window - Security Tab
 

6)In the resulting “Directory Permissions” screen, you see the Access Control List (ACL) – which is a list of users and groups, and their respective access privileges. 

There will be two sets of parentheses.  The first set indicates the type of access to the directory.  The second set indicates the type of access to the file.
(You will see a similar “File Permissions” screen for files.)

 

·If you wish to allow access only to yourself, set the ACL to allow yourself “Full Control” (substituting user “achan” with your own NT user account name).

·Remove all other account names from this ACL.


 
 

For changing permissions on existing sub-directories and files:

·Enable “Replace Permissions on Subdirectories” -- sets all subdirectories and files within them to the same permissions.

·Enable “Replace Permissions on Existing Files” -- to set all files in the selected folder to the same permissions.

To grant access to additional users or groups, click on “Add” and follow Step 7 below for details on “Add Users and Groups” to the ACL.
 

7) If you would like to grant access to your files to other users or groups, in the “Add Users and Groups” screen, 

·Ensure that the List Names from: field indicates “SLAC”

The available Group accounts will display.

To see the available User accounts,

·Click on “Show Users”,

·Scroll down to select the user or group you want to include,

·Click on “Add”.

Add Users and Groups Window
 

If you wish to distinguish between the types of access granted to different users and groups, you need to do so in the “Directory Permissions” window (Step 6).  The Type of Access specified in this “Add Users and Groups” window applies to all accounts entered in the Add Names field.

·Click “OK” to accept the changes.

·Review your changes on the “Directory Permissions” screen, click “OK” again to accept the changes.





Owner: Desktop-Admin