Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups.
When you are a member of a security group that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control. You can use different methods, such as Active Directory Domain Services (AD DS), Group Policy, or access control lists, to manage different types of objects.
This section contains:
What Are Permissions?
File and Folder Permissions
Share and NTFS Permissions on a File Server
- Inherited Permissions
- How Effective Permissions Are Determined
Determine Where to Apply Permissions
Set, View, Change, or Remove Permissions on an Object
- For information about managing permissions by using AD DS, see
Assign, change, or remove permissions on Active Directory objects or attributes(https://go.microsoft.com/fwlink/?LinkId=63970).
- For information about managing permissions by using Group Policy, see
Apply or Modify Permission Entries for Objects Using Group Policy(https://go.microsoft.com/fwlink/?LinkId=64928).