Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups.
When you are a member of a security group that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control. You can use different methods, such as Active Directory Domain Services (AD DS), Group Policy, or access control lists, to manage different types of objects.
This section contains:
- What Are
Permissions?
- File and Folder
Permissions
- Share and NTFS
Permissions on a File Server
- Inherited
Permissions
- How Effective
Permissions Are Determined
- Determine Where to Apply
Permissions
- Set, View, Change, or
Remove Permissions on an Object
Additional references
- For information about managing permissions by
using AD DS, see Assign, change, or remove permissions on Active Directory
objects or attributes
(http://go.microsoft.com/fwlink/?LinkId=63970).
- For information about managing permissions by
using Group Policy, see Apply or Modify Permission Entries for Objects Using Group
Policy (http://go.microsoft.com/fwlink/?LinkId=64928).