NTFS permissions are the primary means of controlling access to filesystem resources on WS2003. To assign or modify NTFS permissions on a file or folder, you must either:
Be the owner (creator) of the file or folder
Have Full Control permission on the file or folder
Be a member of the Administrators group
To assign NTFS permissions, you can use Windows Explorer or My Computer. The following procedures assume you have already selected the file or folder whose permissions you want to assign or modify.
New to WS2003 is Special Permissions. This box being checked indicates that standard permissions have been modified by adding or removing special permissions.
Right-click on file → Properties → Security → Add → select domain → select user or group → Add → allow or deny standard permissions
Unless you explicitly allow different permissions, when you assign NTFS standard file permissions to a user or group, the default permissions assigned are Allow Read & Execute.
When you try to allow or deny different combinations of NTFS standard permissions, you will discover that not all combinations are allowed. For example, if you try to allow Full Control, then all five checkboxes under Allow automatically become checked. Table 4-41 shows the permissible combinations of NTFS standard permissions that can be assigned using the Security tab.
Table 4-41. Allowable combinations of NTFS standard permissions