NTFS Security
• Understanding the structure of NTFS security
• Control access to files and folders by using Permissions
• Optimize access to files and folders by using NTFS best practices
• Audit NTFS security
• Troubleshoot access to files and folders
NTFS Security USERS AND GROUPS
• Built-in security groups
• Assigned (by administrator) groups
• Special groups
  • CREATOR OWNER group
  • INTERACTIVE group
  • NETWORK group
  • Everyone group
  • Authenticated Users group
NTFS Security PERMISSION INHERITANCE
• Subfolders and files inherit permissions
• Inheritance can be blocked
• Blocking required for new permissions
NTFS Security PLANNING NTFS PERMISSIONS
• Consolidate data
• Assign permissions to folders
• Assign most restrictive permissions possible
• Use groups for permission assignment
• Avoid excessively blocking inheritance
• Avoid the Deny ACE
NTFS Security STANDARD PERMISSIONS
NTFS Security SPECIAL PERMISSIONS
NTFS Security ADDING USER/GROUP PERMISSIONS
NTFS Security HOW DOES IT WORK?
• User logs on – access token is created
• Access token contains user SID and group SIDs
• User/Application accesses the resource
• User access token is compared to ACEs in object’s DACL
• If a SID in the user’s access token matches the SID listed in an ACE, access is granted or denied
• If there is no match, access is denied
NTFS Security MULTIPLE NTFS PERMISSIONS
• Sum of all ACEs for user or group
• Most lenient permission is the effective permission
• Deny overrides all
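The token-versus-DACL comparison and the "sum of all ACEs, Deny overrides" rule from the two slides above, as an added Python sketch (not part of the original slides and not Windows API code). The rights flags, the Ace type, the function names and every SID except BUILTIN\Users are constructed for illustration; ownership, privileges and inheritance are left out.

```python
from typing import NamedTuple

READ, WRITE, EXECUTE = 1, 2, 4   # simplified rights, not the real NTFS mask bits

class Ace(NamedTuple):
    allow: bool                  # True = Allow ACE, False = Deny ACE
    sid: str
    mask: int

def access_check(token_sids, dacl, wanted):
    """Compare the token's SIDs to the DACL's ACEs, in order, for `wanted` rights."""
    remaining = wanted
    for ace in dacl:
        if ace.sid not in token_sids:
            continue                     # ACE names a SID the token does not hold
        if not ace.allow:
            if ace.mask & remaining:
                return False             # matching Deny ACE ends the check
            continue
        remaining &= ~ace.mask           # Allow ACEs for user and groups add up
        if remaining == 0:
            return True                  # every requested right was allowed
    return False                         # no (complete) match: access denied

def effective_rights(token_sids, dacl):
    """Mask of the rights the token gets, testing one right at a time."""
    return sum(r for r in (READ, WRITE, EXECUTE) if access_check(token_sids, dacl, r))

USERS = "S-1-5-32-545"                        # well-known SID of BUILTIN\Users
STAFF = "S-1-5-21-1111-2222-3333-2001"        # constructed group SID
CONTRACTORS = "S-1-5-21-1111-2222-3333-2002"  # constructed group SID
ALICE = "S-1-5-21-1111-2222-3333-1001"        # constructed user SID
BOB = "S-1-5-21-1111-2222-3333-1002"          # constructed user SID

# Constructed DACL in canonical order: Deny ACEs before Allow ACEs.
DACL = [
    Ace(False, CONTRACTORS, WRITE),
    Ace(True, USERS, READ | EXECUTE),
    Ace(True, STAFF, WRITE),
]
alice = {ALICE, USERS, STAFF}                 # token: user SID plus group SIDs
bob = {BOB, USERS, STAFF, CONTRACTORS}
outsider = {"S-1-5-21-1111-2222-3333-1003"}   # constructed SID with no ACE

if __name__ == "__main__":
    for name, token in (("alice", alice), ("bob", bob), ("outsider", outsider)):
        print(name, effective_rights(token, DACL))
```

Because the walk stops at the first decisive ACE, a Deny ACE only overrides when it sits ahead of the Allow ACEs; with the same DACL reversed, bob's write request is allowed.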
NTFS Security VIEWING EFFECTIVE PERMISSIONS
NTFS Security AUDITING NTFS ACCESS
NTFS Security BEST PRACTICES
• Assign most restrictive
• Assign at folder level
• Assign to groups
• Avoid changing default NTFS permissions
• Do not deny Everyone – add administrators first
• Assign Read & Execute to users
• Full Control to CREATOR OWNER in public folder
• Do not assign permissions when there is no need