Microsoft KB Archive/102339

= Permissions Comparison--NT AS vs. LAN Manager =

Article ID: 102339

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows NT Advanced Server 3.1

-



This article was previously published under Q102339



SUMMARY
This article discusses how file, directory, and printing permissions compare between Windows NT Advanced Server and LAN Manager version 2.x.



File and Directory Permissions
On a LAN Manager for OS/2 system, you can control access to all files and directories under the FAT, HPFS, or HPFS386 file systems. On a Windows NT system, you can control users' access to directories and files on drives formatted to use the Windows NT file system (NTFS). Drives formatted to use FAT and HPFS do not support Windows NT security. You can, however, secure Windows NT shared directories no matter what file system is in use.

The standard permissions for files and directories and their meanings are shown in the following tables, along with the individual permissions each standard permission represents. LAN Manager    NTFS                 Description ---

R          Read (RX)            User can read the contents of the file and run it if it is an                                application.

W (Write)    Change (RWXD)        Lets the user open and write to a                                 file, changing its contents. Windows NT allows deletion of the file.

D          N/A                  Lets the user delete files. (Delete)

X (Execute)  N/A                  Lets the user run a program, but not read or copy it.

A          N/A (Change Attributes)             Lets the user change file attributes.

P          N/A (Change Permissions)            Lets the user grant permissions for the file to other users.

Y          Full Control (All)   For LAN Manager, serves as a shortcut (Yes)                           to RWCDA permissions. When you give a                                user Y permission, you are granting RWCDA permissions.

For Windows NT, enables user to read, modify, delete, set permissions for, and take ownership of the file.

N          No Access            Prevents a user from using the file (No)                            or directory in any way, even if the user is a member of a group that has been granted access to the file. On                                LAN Manager, Y access given to a user overrides N access given to a group. On Windows NT, deny access takes precedence. For example, if a user has Full Control access for a file, but is a member of a group that has No Access for the same file, access is denied. In the second column of the following table (for NTFS directory permissions), the first set of individual permissions applies to the directory itself, and the second set of individual permissions applies to new files subsequently created in the directory.

Directory Permissions
LAN Manager    NTFS                   Description ---

R          Read (RX)(RX)          User can read files in the (Read)                            directory and run applications in                                   the directory.

W          Change (RWXD)(RWXD)    User can read and add files and (Write)                           change the contents of current files.

C          Add                    A user with C permission can create (Create)   (WX) (Not Specified)   a file and after creating it, can read from or write to the file until closing it.

Add & Read            Add enables a Windows NT user to            (RWX) (RX)             add files to the directory but not to read the contents of current files or change them.

Add & Read enables a user to add files to the directory and read current files, but not to change any files.

D          N/A                    Users can delete files and (Delete)                          subdirectories within the shared directory but cannot delete the shared directory itself.

X          N/A                    Lets the user run a program in the (Execute)                         directory, but not read it or copy it.

A          N/A (Change Attributes)               Lets the user change the attributes of files in the directory.

P          N/A (Change Permissions)              The user can change the permissions for the directory or files in the directory.

Y         Full Control (Yes)     (All)(All)              For LAN Manager, serves as                                   shortcut to RWCDA permissions. When you give a user Y permission, you are granting RWCDA permissions. User can read and change files, add new ones, change permissions for the directory and its files, and take ownership of the directory and its files.

N         No Access (No)      (None)(None)            Prevents a user from using the file or directory in any way. Usually, you can prevent a user from accessing a file or directory simply by not giving the user any permissions to it; however, you must use N permission to prevent a                                  specific user from accessing a file while granting access to the file or directory to a group the user belongs to. For Windows NT, users cannot access the directory in any way, even if they have Full Control access through membership in a                                  group.

N/A       List (RX)               User can only list the files and (Not Specified)                   subdirectories in this directory and change to a subdirectory of this directory. User cannot access new files created in this directory. NOTE: Permissions on shared Windows NT directories that are not NTFS are identical. Note that if a directory is both shared and on an NTFS volume, permissions are cumulative over the network.

Printer Permissions
LAN Manager        Windows NT Printer         Printer            Descriptions/ Queue          Permissions        Differences ---

Y              Print              Users can send jobs to the printer (Yes)                             queue.

N              No Access          Prevents a user from accessing the (No)                              printer queue.

Y+P            Full Control       Users can send jobs to and set (Yes+Change Permissions)          access permissions for the printer the printer queue. Users can print documents, change print settings, and completely manage documents and printers.

N/A            Manage Documents   Users can pause, resume, restart, delete, and control settings for documents.

Additional query words: prodnt

Keywords: kbnetwork KB102339

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.