0

I found this in a few different places around the 'net - hopefully it's helpful:

Set, View, Change, or Remove Special Permissions for Files and Folders in Windows XP

In Windows XP, you can apply special access permissions to files or folders that are located on NTFS file system volumes. Special access permissions are customizable sets of permissions. This article describes how to set, view, change, or remove special permissions for files and folders.

Permissions for Files and Folders
Folder permissions include Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. Each of these permissions consist of a logical group of special permissions that are listed and defined in the following sections.

Note: This article assumes that you are using Windows XP on a domain. By default, simplified sharing is enabled in Windows XP if you are not connected to a domain, which means that the Security tab and advanced options for permissions are not available.

If you are not joined to a domain and want to view the Security tab, view the Set, View, Change, or Remove Special Permissions for Files and Folders section in this article.

File and Folder Special Permissions
The following table describes file and folder special permissions.


Special Permissions
Full Control
Modify
Read & Execute
List Folder Contents
Read
Write

Traverse Folder/Execute File
yes
yes
yes
yes
no
no

List Folder/Read Data
yes
yes
yes
yes
yes
no

Read Attributes
yes
yes
yes
yes
yes
no

Read Extended Attributes
yes
yes
yes
yes
yes
no

Create Files/Write Data
yes
yes
no
no
no
yes

Create Folders/Append Data
yes
yes
no
no
no
yes

Write Attributes
yes
yes
no
no
no
yes

Write Extended Attributes
yes
yes
no
no
no
yes

Delete Subfolders and Files
yes
no
no
no
no
no

Delete
yes
yes
no
no
no
no

Read Permissions
yes
yes
yes
yes
yes
yes

Change Permissions
yes
no
no
no
no
no

Take Ownership
yes
no
no
no
no
no

Synchronize
yes
yes
yes
yes
yes
yes


IMPORTANT: Groups or users who are granted Full Control on a folder can delete any files in that folder, regardless of the permissions that protect the file.

Note: Although List Folder Contents and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents is inherited by folders but not files, and it only appears when you view folder permissions. Read & Execute is inherited by both files and folders and is always present when you view file or folder permissions.

Note: In Windows XP Professional, the Everyone group does not include the Anonymous Logon group.

Special Permissions Defined
You can set any or all of the following special permissions on files and folders.

Traverse Folder/Execute File
For folders:

  • The Traverse Folder permission allows or denies the user from moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders (applies only to folders). Traverse Folder takes effect only when the group or user is not granted the Bypass Traverse Checking user right which checks user rights in the Group Policy snap-in. By default, the Everyone group is given the Bypass Traverse Checking user right.

For files:

  • The Execute File permission allows or denies program files the are running (applies only to files).

Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files in that folder.

List Folder/Read Data
The List Folder permission allows or denies the user from viewing file names and subfolder names in the folder. The List Folder permission affects only the contents of that folder and does not affect whether the folder that you are setting the permission on is listed. This applies only to folders.

The Read Data permission allows or denies viewing data in files (applies only to files).

Read Attributes
The Read Attributes permission allows or denies the user from viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by the NTFS file system.

Read Extended Attributes
The Read Extended Attributes permission allows or denies the user from viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.

Create Files/Write Data
The Create Files permission allows or denies the user from creating files in the folder (applies only to folders). The Write Data permission allows or denies the user from making changes to the file and overwriting existing content (applies only to files).

Create Folders/Append Data
The Create Folders permission allows or denies the user from creating folders in the folder (applies only to folders). The Append Data permission allows or denies the user from making changes to the end of the file but not changing, deleting, or overwriting existing data (applies only to files).

Write Attributes
The Write Attributes permission allows or denies the user from changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by the NTFS file system.

The Write Attributes permission does not imply creating or deleting files or folders, it includes only the permission to make changes to the attributes of a file or folder. To allow or deny create or delete operations, see Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete.

Write Extended Attributes
The Write Extended Attributes permission allows or denies the user from changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.

The Write Extended Attributes permission does not imply that the user can create or delete files or folders, it includes only the permission to make changes to the attributes of a file or folder. To allow or deny create or delete operations, view the Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete sections in this article.

Delete Subfolders and Files
The Delete Subfolders and Files permission allows or denies the user from deleting subfolders and files, even if the Delete permission is not granted on the subfolder or file. This permission applies only to folders.

Delete
The Delete permission allows or denies the user from deleting the file or folder. If you do not have Delete permission on a file or folder, you can delete it if you are granted Delete Subfolders and Files permissions on the parent folder.

Read Permissions
The Read Permissions permission allows or denies the user form reading permissions about the file or folder, such as Full Control, Read, and Write.

Change Permissions
The Change Permissions permission allows or denies the user from changing permissions on the file or folder, such as Full Control, Read, and Write.

Take Ownership
The Take Ownership permission allows or denies the user form taking ownership of the file or folder. The owner of a file or folder can change permissions on it, regardless of any existing permissions that protect the file or folder.

Synchronize
The Synchronize permission allows or denies different threads to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multiple-threaded, multiple-process programs.

2
Contributors
1
Reply
8
Views
13 Years
Discussion Span
Last Post by robertnp
0

If you are using XP and you want to access the Program Files on another computer in your workgroup network, this can be achieved using the following steps.

These steps assume the C: drive has already been shared.

To set it up, perform the following steps on each computer:

1. Log on as Administrator. (If the Administrator is not on you Welcome screen, when you are on the Welcome screen, press Ctrl-Alt-Del twice. The easiest way to add the Administrator to the Welcome screen is to use WinGuides Tweak Manager -- brillian software.)

2. Make sure the administrator password on each machine is the same - it makes it easier later on. (To set the password, go to Administrative Tools > Local Users and Groups).

3. Put the cursor on the Start button, right click > Explore. Then: Tools > Folder Options > View and go to the last item in the list: "Use simple file sharing" and set it to OFF. Press: Apply to all folders.

4. Go to the Program Files folder. Right click on the folder > Sharing tab > "Share this folder". Then: Permissions and set Everyone to Full Control. Click OK. Note: this make take a few minutes to return to the normal cursor because it is recursing down the whole Program Files file structure and setting the permissions on every folder!

5. Locate you file manager program (Total Commander is by far and away The Best). Right click and select: Run As. Select Administrator and type in the password.

6. After both/all the PCs are done, access the Program Files on the other computer. It will ask you to choose "As Administrator". Click OK, click OK again and enter the password. It may take a minute to verify the permission and then Bingo!.

This seems to work irrespective of which level of user is logged in the two machines - administrator, user with admin rights or limited user.

Note: the steps do NOT switch "Use simple file sharing" ON again - it prevents from working.

Even bigger note: this change basically makes it possible for anyone who knows the adminstrator password to do whatever on the machines. Therefore you do undertake these changes are your own risk. I am not repsonsible for your security or your work practices.

I am unlikely to log back here any time soon, so good luck. I cannot provide any support -- because I am not that clever -- but you might get a response from rob - at - lasotell . com . au.

Regards,

Rob

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.