In the Windows operating system, the creator of a file or folder has the option of adjusting several security settings for that object. This is commonly used to prevent other users from making unwanted changes. There are also security settings at the system administrator level that can restrict a creator's ability to change file and folder settings. Understanding each level of security settings is fairly easy, and it is key when troubleshooting issues with "locked" files.
Windows has used New Technology File System (NTFS) settings since Windows NT to allow administrators and users to control different file security settings. In all cases, there is a priority of permissions. In order, they are: explicit deny, explicit allow, inherited deny and inherited allow. "Explicit" means the setting was applied directly to the file or folder. "Inherited" means the permission was set at a higher level; for example, a file inherits the permissions of the folder it was created in. In the list above, an item overrides whatever comes after it. For example, a file with deny explicitly set will override the allow it may have inherited.
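The precedence order described above, as a simplified model in Python (an added example, not code from the original article). The `Ace` class, the right names "read" and "write", and the sample users and groups are constructed for illustration; real NTFS access control entries carry more rights and flags.

```python
from dataclasses import dataclass

# Precedence classes in the order the article lists them; a lower rank wins.
RANK = {("explicit", "deny"): 0, ("explicit", "allow"): 1,
        ("inherited", "deny"): 2, ("inherited", "allow"): 3}

@dataclass(frozen=True)
class Ace:
    principal: str        # user or group the entry applies to
    kind: str             # "allow" or "deny"
    source: str           # "explicit" or "inherited"
    rights: frozenset     # simplified right names, e.g. {"read", "write"}

def check_access(acl, principals, wanted):
    """Return (granted, deciding_ace) for a user's principals (name + groups)."""
    remaining = set(wanted)
    # sorted() is stable, so entries keep their relative order within a class.
    for ace in sorted(acl, key=lambda a: RANK[(a.source, a.kind)]):
        hit = remaining & ace.rights
        if ace.principal not in principals or not hit:
            continue
        if ace.kind == "deny":
            return False, ace          # an earlier-ranked deny ends the check
        remaining -= hit
        if not remaining:
            return True, ace           # every requested right has been allowed
    return False, None                 # nothing granted it: denied by default

# Constructed sample ACL for one file (not taken from a real system).
ACL = [
    Ace("Users", "allow", "inherited", frozenset({"read", "write"})),
    Ace("alice", "deny", "explicit", frozenset({"write"})),
    Ace("Contractors", "deny", "inherited", frozenset({"read"})),
    Ace("bob", "allow", "explicit", frozenset({"read"})),
]

if __name__ == "__main__":
    cases = [("alice", {"alice", "Users"}, {"write"}),
             ("bob", {"bob", "Users", "Contractors"}, {"read"}),
             ("carol", {"carol", "Users", "Contractors"}, {"read"})]
    for name, principals, wanted in cases:
        granted, ace = check_access(ACL, principals, wanted)
        why = f"{ace.source} {ace.kind} for {ace.principal}" if ace else "no entry"
        print(f"{name} {sorted(wanted)}: {'granted' if granted else 'denied'} ({why})")
```

When troubleshooting a "locked" file, the deciding entry returned here is the one to look for in the file's security settings: it shows whether the block comes from the file itself or from a parent folder.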
Read Attributes are NTFS settings in Windows that control whether users can see the attributes of a file. If the Read Attribute is set to "allow" for a user, then she can look at the permissions and attributes of that file or folder, including the Read Permissions. However, if the Read Attribute is set to "deny," then she won't even be able to look at how those permissions and attributes are set.
Read Permissions are NTFS settings in Windows that allow users to open a file or folder and read its contents. Read Permissions do not grant a user the ability to change anything inside the file or folder. That ability is controlled by Write Permissions. However, a file may have inherited an "allow" setting for Write Permissions. This means that even if a user has Read Permissions denied, she may be able to delete the file or change its name thanks to inherited Write Permissions.
Read-Only and Read Attributes
Another layer of control happens at the DOS level, above Windows. There, an administrator may grant Read-Only permissions to files and folders. These restrict users to only reading files, not changing them. However, any user can always turn Read-Only off, as the Read-Only setting is not subject to Read Attribute controls. In general, Read-Only is used to prevent accidental changes to a file or folder, not intentional ones.