NTFS Permission

When share resources over the network, User will be affected by Permission. Have permission or be limited permission  by Administrator.

But it only works if the User has access from Client. If that User Access Server, the Share Permission completely meaningless.

Therefore, Limit the permission of User  in Local, you using NTFS Permission. Meanwhile, User access any resource will be affected by the NTFS Permission & Share Permission. If it only access in Local, it will only be affected by NTFS Permission.

Conditions to use NTFS Permissions: Your Partition must be formatted file system is NTFS.

Prepare: Creat a folder tree as shown below:

- Creat 2 Group: KETOAN; NHANSU 

- Creat 2 User: KT1, KT2 and Add 2 User  for Group KETOAN

- Creat 2 User: NS1, NS2 and Add 2 User for Group NHANSU 

Decentralization folder by Standard Permission

Decentralization for Groups as below:

- On folder Data:

     + Group NHANSU & KETOAN have permission to Read.

- On folder Chung:

     + Group NHANSU & KETOAN have permission to Full.

- On folder KETOAN

     + Group KETOAN have permission Full and Group NHANSU haven't permission.

1. Decentralization on Group Data.

B1: Click right mouse on folder Data and choose Properties. You choose tab Security and choose Advanced.

B2: On dialog box Advanced Security  Setting for DATA. In tab Permission choose Edit.

B3: Uncheck before row Include inheritable permission from this object's parent.

B4: On dialog box Windows Security, you choose Copy --> OK --> OK.

B5: On dialog box DATA Properties choose Edit

B6: On dialog box Permission for DATA choose Add.

B7: On dialog box Select Users or Group, in frame Enter the object  names to select. You input KETOAN; NHANSU and choose Check names.

B8: You see KETOAN and NHANSU was underlined and determine KETOAN & NHANSU exist and choose OK.

You see KETOAN & NHANSU was 3 permission Allow: Read & excute, List folder contents, Read. Choose OK/OK.

Check in:

You log on by permission KT1 and open folder C:\DATA --> log on compelete.

You log on by permission NS1 and open folder C:\DATA --> log on compelete.

You creat any folder, it will error message, no permission.

2: Decentralization for folder CHUNG.

B1: Log on Administrator and click right mouse on folder CHUNG. Choose Properties. In tab Security choose Edit. 

You choose Group KETOAN for permission Allow full control. Choose OK/OK.

You choose Group NHANSU for permission Allow full control. Choose OK/OK.

B2: Check in

- Log on by User KT1 and access on folder CHUNG --> Access compelete.

- Log on by User NS1 and access on folder CHUNG --> Access compelete.

- Creat or Deleta compelete any folder on folder CHUNG.

3. Decentralization for folder KETOAN

B1: Click right mouse on folder KETOAN and choose Properties. In tab Security choose  Advanced.

B2: In tab Permission choose Edit.

B3: Uncheck before row Include Inheritable Permission from  this object's parent.

B4: In dialog box Windows Security choose Copy/OK/OK.

B5: In dialog box KETOAN Properties choose Edit.

B6: Choose Group NHANSU and choose Remove.

B7: Choose Group KETOAN and tick Allow full control. Choose OK/OK.

Check in:

- Log on by User KT1, access on folder KETOAN --> Access compelete.

- Log on by User NS1, access on folder KETOAN --> Access no compelete.

- With User KT1, you can creat or delete compelete any folder on folder KETOAN.

4. Decentralization for folder NHANSU

B1: Click right mouse on folder NHANSU and choose Properties. In Tab Security choose Advanced.

B2: In Tab Permission choose Edit.

B3: Uncheck before row Include Inheritable Permission from  this object's parent.

B4: In dialog box Windows Security choose Copy/OK/OK.

B5: In dialog box NHANSU Properties choose Edit.

B6: Choose Group KETOAN and choose Remove.

B7: Choose Group NHANSU and tick Allow full control. Choose OK/OK.

Check in:

- Log on by User KT1, access on folder NHANSU --> Access no compelete.

- Log on by User NS1, access on folder NHANSU--> Access compelete.

- With User NS1, you can creat or delete compelete any folder on folder NHANSU.

5. Decentralization folder with Special Permission.

Permission with request: Only User creat file, that user can delete file.

B1: Click right mouse on folder KETOAN choose Properties . In Tab Security choose Advanced.

B2: In Tab Permission choose Group  KETOAN and choose Edit.

B3: In dialog box Advanced Security Settings for KETOAN, choose Group  KETOAN and choose Edit.

B4: In dialog box Permission Entry for KETOAN, uncheck column Allow for row Delete subfolder and file; and row Delete.

B5: Check in

- Log on User KT1, access folder KETOAN and creat file KT1.txt.

- Log on User KT2, access folder KETOAN and creat file KT2.txt.

- Log on KT1, delete Kt2.txt --> not delete compelete. Delete compelete KT1.txt.

- Log on KT2, delete Kt1.txt --> not delete compelete. Delete compelete KT2.txt.