Managing Permissions

Applies To: Windows 7, Windows Server 2008 R2

Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups.

When you are a member of a security group that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control. You can use different methods, such as Active Directory Domain Services (AD DS), Group Policy, or access control lists, to manage different types of objects.

This section contains:

• What Are Permissions?

• File and Folder Permissions

• Share and NTFS Permissions on a File Server

• Inherited Permissions

• How Effective Permissions Are Determined

• Determine Where to Apply Permissions

• Set, View, Change, or Remove Permissions on an Object

Additional references

• For information about managing permissions by using AD DS, see Assign, change, or remove permissions on Active Directory objects or attributes (https://go.microsoft.com/fwlink/?LinkId=63970).

• For information about managing permissions by using Group Policy, see Apply or Modify Permission Entries for Objects Using Group Policy (https://go.microsoft.com/fwlink/?LinkId=64928).