Windows Server 2003 - Permissions

©2004 Team Approach Limited
All rights reserved


The discussion of Windows security tends to be generic because the security system applies to different object types. People relate to file security best because it is the most commonly used aspect of computer security. Windows security also applies to printers, the registry, the Active Directory, and other resources. In all cases we have DACLs and SACLs, but the permissions are different.

| Printer | Files | Registry | Active Directory |
|---|---|---|---|
| Print | Full Control | Full Control | Full Control |
| Manage Printers | Traverse Folder/Execute File | Query Value | List Contents |
| Manage Documents | List Folder/Read Data | Set Value | Read All Properties |
| Read Permissions | Read Attributes | Create Subkeys | Write All Properties |
| Change Permissions | Read Extended Attributes | Enumerate Subkeys | Delete |
| Take Ownership | Create Files/Write Data | Notify | Delete Subtree |
| | Create Folders/Append Data | Create Link | Read Permissions |
| | Write Attributes | Delete | Modify Permissions |
| | Write Extended Attributes | Write DAC | Modify Owner |
| | Delete Subfolders and Files | Write Owner | All Validated Writes |
| | Delete | Read Control | All Extended Rights |
| | Read Permissions | | Create All Child Objects |
| | Change Permissions | | Delete All Child Objects |
| | Take Ownership | | Other Object Specific |

The table above shows the special permissions for each object type. To simplify the user interface, permissions are grouped into commonly used sets called standard permissions. The following table shows how the standard permissions are defined for the file system.

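| Special Permissions | Full Control | Modify | Read & Execute | Read | Write |
|---|---|---|---|---|---|
| Full Control | X | | | | |
| Traverse Folder/Execute File | X | X | X | | |
| List Folder/Read Data | X | X | X | X | |
| Read Attributes | X | X | X | X | |
| Read Extended Attributes | X | X | X | X | |
| Create Files/Write Data | X | X | | | X |
| Create Folders/Append Data | X | X | | | X |
| Write Attributes | X | X | | | X |
| Write Extended Attributes | X | X | | | X |
| Delete Subfolders and Files | X | | | | |
| Delete | X | X | | | |
| Read Permissions | X | X | X | X | |
| Change Permissions | X | | | | |
| Take Ownership | X | | | | |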

The standard permissions are presented with the normal object security dialog.

Special permissions are only made visible in the Advanced Security Settings dialog.
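
The grouping of special permissions into standard permissions can be checked against the raw access mask stored in an ACE. The Python below is an added example, not part of the original page: the bit values are the Windows SDK (winnt.h) file access-mask constants, and the function names and sample mask are constructed for illustration. It reports which standard permissions a mask fully covers and which special permissions are left over, including the two that let a trustee rewrite the DACL or take ownership.

```python
# Added example. Bit values are Windows SDK (winnt.h) access-mask constants,
# not taken from the page; names are the file special permissions listed above.
SPECIAL = {
    "Traverse Folder/Execute File": 0x000020,
    "List Folder/Read Data":        0x000001,
    "Read Attributes":              0x000080,
    "Read Extended Attributes":     0x000008,
    "Create Files/Write Data":      0x000002,
    "Create Folders/Append Data":   0x000004,
    "Write Attributes":             0x000100,
    "Write Extended Attributes":    0x000010,
    "Delete Subfolders and Files":  0x000040,
    "Delete":                       0x010000,
    "Read Permissions":             0x020000,
    "Change Permissions":           0x040000,
    "Take Ownership":               0x080000,
}
READ = ["List Folder/Read Data", "Read Attributes",
        "Read Extended Attributes", "Read Permissions"]
WRITE = ["Create Files/Write Data", "Create Folders/Append Data",
         "Write Attributes", "Write Extended Attributes"]
READ_EXECUTE = READ + ["Traverse Folder/Execute File"]
# Standard permission -> the special permissions it groups (file system).
STANDARD = {
    "Full Control": list(SPECIAL),
    "Modify": READ_EXECUTE + WRITE + ["Delete"],
    "Read & Execute": READ_EXECUTE,
    "Read": READ,
    "Write": WRITE,
}
CONTROL_RIGHTS = ("Change Permissions", "Take Ownership")  # DACL/owner control

def special_permissions(mask):
    """Special permissions set in an ACE access mask, in dialog order."""
    return [name for name, bit in SPECIAL.items() if mask & bit]

def standard_permissions(mask):
    """Standard permissions whose whole group is present in the mask."""
    held = set(special_permissions(mask))
    return [std for std, group in STANDARD.items() if held.issuperset(group)]

def review_ace(mask):
    """Summarise an ACE: standard sets, leftover specials, control rights."""
    held, standard = special_permissions(mask), standard_permissions(mask)
    covered = {s for std in standard for s in STANDARD[std]}
    return {"standard": standard,
            "special_only": [s for s in held if s not in covered],
            "can_take_control": [s for s in held if s in CONTROL_RIGHTS]}

SAMPLE_MASK = 0x1701BF  # constructed: Modify + Change Permissions + SYNCHRONIZE
```

`review_ace(SAMPLE_MASK)` reports Modify, Read & Execute, Read and Write as standard permissions with Change Permissions left over, which is the kind of entry worth reviewing because it is only itemised in the Advanced Security Settings dialog.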

Keyboard Exercise

Look at the permissions in a DACL for a file, a printer, a registry key, and an Active Directory object and note the differences.