Permissions
File and directory permissions are used to specify which users and groups can gain access to files and folders and what they can do with the contents of the file or folder. Assigning permissions on files and directories is an excellent means of providing security and is effective whether the file or directory is being accessed over the network or from the computer itself. However, the permissions that are assigned for directories are different from the permissions assigned for files. Table and show the different types of permissions that can be set on folders and files. These features are only available in the Windows NT/2000/XP operating systems if NTFS is used and not the FAT file system.

Access Control Lists (ACL)
It is easy to lose track of who has what rights to certain files and folders when beginning to assign permissions. This becomes increasingly difficult for an administrator to manage when dealing with networks that have hundreds or even thousands of users. The Access Control List (ACL) is a tool that provides the administrator with a list of files that a user has access to as well as the type of access that they have been granted. For every file and folder in an NTFS volume there is an ACL. For example, if a user wants to gain access to a resource, the ACL must contain an entry. This entry is called an Access Control Entry (ACE). This entry must allow the access that is requested otherwise the user will not be able to access the specified file or folder.

Encryption
Another security feature included with the Windows 2000/XP operating systems, provided NTFS is used, is encryption. Microsoft provides a specific file system for encryption called the Encrypting File System (EFS). This provides administrators with the means to apply encryption to a file or folder that only the person who encrypted the file can view. The administrator can specify the users who can view the file as well.

The EFS is an integrated service that runs on the operating system, which means that it is easy for an administrator to manage, and it is transparent to the file owner. However, other users can be granted access to the file if they are assigned a public key. This allows the user to work with the file. Anyone without the public key will be denied access to the file.

It is recommended that the administrator not attempt to encrypt individual files, and should instead start by encrypting a folder. Once the folder has encryption enabled, any files placed into the folder will become encrypted. This makes keeping track of the encrypted files much easier. To encrypt a folder, in the Properties dialog box for the folder, click the General tab. On the General tab, click the Advanced button, and then select the Encrypt Contents To Secure Data check box.

Compression
Microsoft has included a compression tool that enables space to be saved by compressing files and folders. After compressing a file or folder it will take up less space on the Windows 2000/XP volume. This will determine the compression state of the file, which is either compressed or uncompressed. It is important to note that if a compressed file must be accessed, the user can do so without having to first uncompress the file. When a user attempts to open a compressed file, the operating system automatically uncompresses it and then recompresses it when work is finished and the file closed.

Compressing files and folders will give added disk space. However, NTFS allocates disk space based on the uncompressed file size. When a user tries to copy a compressed file to a volume that may in fact have enough space for the compressed file but not enough space for the uncompressed file, an error message will appear stating that there is not enough disk space to copy the file. This is because NTFS bases the size of the file on the uncompressed state and not the compressed state.

As with encrypting a file or folder, the same recommendation follows about compressing the folder first and then adding files to it after compressing the folder. To set the compression state of a folder or file, right-click the folder or file in Windows Explorer. Click Properties, and then click the Advanced button. In the Advanced Attributes dialog box, select the Compress Contents To Save Disk Space check box. Click OK, and then click Apply in the Properties dialog box. Compression is less important today because drives are getting larger for and cost less to buy.
 

Lab Activity  (PDF, 15 KB)   In this lab, students will learn how to assign NTFS permissions to folders.