Microsoft KB Archive/244600

= Default NTFS Permissions in Windows 2000 =

Article ID: 244600

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server

-



This article was previously published under Q244600



SUMMARY
This article lists the default permissions on a drive that has been formatted with the NTFS file system for the first time. Some of these folders are hidden by default.



MORE INFORMATION
The default NTFS permissions on common Windows 2000 folders on drive C are listed below. Note that this article assumes that Windows 2000 is installed on drive C. If you installed Windows 2000 on a different drive letter, substitute that drive letter for drive C in the folder locations listed below:

Default NTFS Permissions for Servers Configured as Member Servers:
C:\ (Note: Setup does not change the permissions on %systemdrive% because the Windows 2000 ACL Inheritance model would recursively try to configure all subdirectories of the root. Administrators should configure root directory security according to their own system configurations and requirements.)

C:\Program Files and Administrators - Full Control Creator/Owner - Full Control Users - Read System - Full Control Power Users - Change Terminal Server User - Change

C:\Documents and Settings Administrators - Full Control Power Users - Read Everyone - Read Users - Read System - Full Control

C:\Documents and Settings\Administrator and Administrator - Full Control Administrators - Full Control System - Full Control

C:\Documents and Settings\All Users and Administrators - Full Control Power Users - Change Users - Read Everyone - Read System - Full Control

C:\Documents and Settings\Default User and Administrators - Full Control Power Users - Read Users - Read Everyone - Read System - Full Control

C:\%SystemRoot% Administrators- Full Control Creator/Owner - Full Control Everyone - Read Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Addins Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Connection Wizard Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Config Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Cursors Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Debug Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Driver Cache Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Driver Cache\I386 Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Fonts Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Help Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read Terminal Server User - Special (RWX) System - Full Control

C:\%SystemRoot%\Inf Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Java and Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Media Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Msagent and subfolders Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Msapps and subfolders Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Mww32 and subfolders Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Registration Administrators - Full Control Everyone - Read System - Full Control

C:\%SystemRoot%\Repair Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Security and Administrators- Full Control Creator/Owner - Full Control Power Users - Read Users - Read System - Full Control

C:\%SystemRoot%\Speech Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32 Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read Everyone - Read System - Full Control

C:\%SystemRoot%\System32\CatRoot Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Com Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Config Administrators- Full Control Creator/Owner - Full Control Power Users - Read Users - Read System - Full Control

C:\%SystemRoot%\System32\Dhcp Administrators- Full Control Creator/Owner - Full Control Power Users - Read Users - Read System - Full Control

C:\%SystemRoot%\System32\Drivers and Administrators- Full Control Creator/Owner - Full Control Power Users - Read Users - Read System - Full Control

C:\%SystemRoot%\System32\DTCLog Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\system32\export Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\GroupPolicy and Administrators - Full Control Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\IAS Administrators - Full Control Creator/Owner - Full Control System - Full Control

C:\%SystemRoot%\System32\Inetsrv Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Mui and Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Npp Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\NtmsData Administrators - Full Control System - Full Control

C:\%SystemRoot%\System32\Os2 and Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Ras Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Rocket Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Rpcproxy Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Setup Everyone - Full Control C:\%SystemRoot%\System32\ShellExt Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Spool and Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Wbem and Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\System32\Wins Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

C:\%SystemRoot%\Temp Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Special System - Full Control

C:\%SystemRoot%\twain_32 Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control C:\%SystemRoot%\Web Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

Any other folders Administrators- Full Control Creator/Owner - Full Control Power Users - Change Users - Read System - Full Control

Default NTFS Permissions for Servers Configured as Domain Controllers:
C:\ (Note: Setup does not change the permissions on %systemdrive% because the Windows 2000 ACL Inheritance model would recursively try to configure all subdirectories of the root. Administrators should configure root directory security according to their own system configurations and requirements.)

C:\Program Files and Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control C:\Documents and Settings Administrators - Full Control Everyone - Read Users - Read System - Full Control

C:\Documents and Settings\Administrator and Administrator - Full Control Administrators - Full Control System - Full Control

C:\Documents and Settings\All Users and Administrators - Full Control Users - Read Everyone - Read System - Full Control

C:\Documents and Settings\Default User and Administrators - Full Control Users - Read Everyone - Read System - Full Control

C:\%SystemRoot% Administrators- Full Control Creator/Owner - Full Control Everyone - Read Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Addins Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Connection Wizard Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Config Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Cursors Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Debug Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Driver Cache Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Driver Cache\I386 Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Fonts Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Help Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Inf Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Java and Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Media Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Msagent and subfolders Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Msapps and subfolders Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Mww32 and subfolders Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Registration Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Repair Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Security and Administrators - Full Control Server Operators - Read Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Speech Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32 Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read Everyone - Read System - Full Control

C:\%SystemRoot%\System32\CatRoot Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Com Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Config Administrators - Full Control Creator/Owner - Full Control Server Operators - Read Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Dhcp Administrators - Full Control Creator/Owner - Full Control Server Operators - Read Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Drivers and Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\DTCLog Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\system32\export Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\GroupPolicy and Administrators - Full Control Creator/Owner - Full Control Server Operators - Read Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\IAS Administrators - Full Control Creator/Owner - Full Control Server Operators - Change System - Full Control

C:\%SystemRoot%\System32\Inetsrv Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Mui and Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Npp Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\NtmsData Administrators - Full Control System - Full Control

C:\%SystemRoot%\System32\Os2 and Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Ras Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Rocket Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Rpcproxy Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Setup Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control C:\%SystemRoot%\System32\ShellExt Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Spool and Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Print Operators - Full Control Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Wbem and Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\System32\Wins Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

C:\%SystemRoot%\Temp Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Special System - Full Control

C:\%SystemRoot%\twain_32 Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control C:\%SystemRoot%\Web Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

Any other folders Administrators - Full Control Creator/Owner - Full Control Server Operators - Change Authenticated Users - Read System - Full Control

NOTE: These permissions do not apply to a drive that is converted to NTFS using the Convert utility. A converted NTFS drive consists of all files and folders with Everyone--Full Control as the default permission.

NOTE: The default permissions for the C:\ root directory, and all other hard drive root directories (for example D:\, E:\), enable Full Control for the Everyone special group, in Windows 2000.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

148437 Default NTFS Permissions in Windows NT

Keywords: kbenv kbinfo KB244600

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.