Article ID: 277867
Article Last Modified on 4/20/2007
APPLIES TO
- Microsoft Office Word 2007
- Microsoft Office Word 2003
- Microsoft Word 2002 Standard Edition
- Microsoft Word 2000 Standard Edition
This article was previously published under Q277867
SUMMARY
This article describes the Microsoft Windows NTFS file system permissions that are required when you perform specific Microsoft Word operations on any NTFS partition that has one of the following Microsoft Windows operating systems installed:
- Windows 2000
- Windows XP Professional
- Windows Server 2003
- Windows Vista
MORE INFORMATION
Description of File System Folder and File Permissions
Windows 2000 enforces security at every folder level. On a computer that is running Windows 2000, if a user has no permissions for a high-level folder, the user cannot access that folder or view its contents.
Folder permissions control general access to a folder, its files, and its subfolders. When granted at the folder level, the permissions apply to all the files and subdirectories in that folder, unless the permissions are redefined at the file or subfolder level.
The following six folder permissions can be granted at the folder level on a Windows 2000 file system.
| Folder permission | Explanation |
|---|---|
| List Folder Contents | User can only list the files and subdirectories in this folder. User cannot open any files created in this folder. |
| Read | User can read the contents of files in this folder. |
| Read & Execute | User can read the contents of files in this folder and also execute files in this folder. |
| Modify | User can read, write, execute, create, and delete files in this folder. |
| Write | User can read, write, and create files or folders in this folder. |
| Full Control | User can read and change files, add new ones, change permissions for the folder and its files, and take ownership of the folder and its files. |
The following table shows the logical group of special permissions associated with folder permissions.
| Special permission | Full Control | Modify | Read & Execute | List Folder Contents | Read | Write |
|---|---|---|---|---|---|---|
| Traverse Folder/Execute File | x | x | x | x | ||
| List Folder/Read Data | x | x | x | x | x | |
| Read Attributes | x | x | x | x | x | |
| Read Extended Attributes | x | x | x | x | x | |
| Create Files/Write Data | x | x | x | |||
| Create Folders/Append Data | x | x | x | |||
| Write Attributes | x | x | x | |||
| Write Extended Attributes | x | x | x | |||
| Delete Subfolders and Files | x | |||||
| Delete | x | x | ||||
| Read Permissions | x | x | x | x | x | x |
| Change Permissions | x | |||||
| Take Ownership | x | |||||
| Synchronize | x | x | x | x | x | x |
File permissions control access to specific files in a folder. They are used to redefine the permissions that users inherit from folder permissions.
The following permissions can be granted at the file level on a Windows 2000 file system.
| File permission | Description |
|---|---|
| Read & Execute | User can read the contents of a file or execute a file. |
| Read | User can read the content of the file. |
| Modify | User can read, write, delete, and create a file. |
| Write | User can write to files. |
| Full Control (All) | User can read and change the file, add new ones, change permissions for the file, and take ownership of the file. |
The following table shows the logical group of special permissions associated with the file permissions.
| Special permission | Full Control | Modify | Read & Execute | Read | Write |
|---|---|---|---|---|---|
| Traverse Folder/Execute File | x | x | x | ||
| List Folder/Read Data | x | x | x | x | |
| Read Attributes | x | x | x | x | |
| Read Extended Attributes | x | x | x | x | |
| Create Files/Write Data | x | x | x | ||
| Create Folders/Append Data | x | x | x | ||
| Write Attributes | x | x | x | ||
| Write Extended Attributes | x | x | x | ||
| Delete Subfolders and Files | x | ||||
| Delete | x | x | |||
| Read Permissions | x | x | x | x | x |
| Change Permissions | x | ||||
| Take Ownership | x | ||||
| Synchronize | x | x | x | x | x |
Description of Special Permissions for Files and Folders
You can set any or all of the following special permissions on files and folders.
| Special permission | Description |
|---|---|
| Traverse Folder/Execute File | Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders (applies to folders only). Traverse Folder takes effect only when the group or user is not granted the Bypass Traverse Checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass Traverse Checking user right.)
|
| List Folder/Read Data | List Folder allows or denies viewing file names and subfolder names within the folder (applies to folders only). Read Data allows or denies viewing data in files (applies to files only). |
| Read Attributes | Allows or denies viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by NTFS file system. |
| Read Extended Attributes | Allows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program. |
| Create Files/Write Data | Create Files allows or denies creating files within the folder (applies to folders only).
|
| Create Folders/Append Data | Create Folders allows or denies creating folders within the folder (applies to folders only).
|
| Write Attributes | Allows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS. |
| Write Extended Attributes | Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program. |
| Delete Subfolders and Files | Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file. |
| Delete | Allows or denies deleting the file or folder. If you do not have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder. |
| Read Permissions | Allows or denies reading permissions of the file or folder, such as Full Control, Read, and Write. |
| Change Permissions | Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write. |
| Take Ownership | Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder. |
| Synchronize | Allows or denies different threads permission to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multithreaded, multiprocess programs. |
NTFS Permissions Required to Only Read Documents
READ, OR READ & EXECUTE
The following is a list of folders where users need only Read or Read & Execute permissions to run Word (they only need to be able to read from these folders):
- Server location of Word program folder tree (Administrative installation)
- Server location of shared Microsoft applications (MSAPPS) folder tree (Administrative installation)
- Windows program folder, if running shared Windows
- Any server directories where you store graphics or other source files for links that you do not want users to be able to modify in Word
NOTE: In addition, you need to apply Read-Only and Shareable flags to all the files in these locations. Usually, the Windows 2000 network administrator sets this sequence of permissions and attributes after performing the server installation of Windows or a program.
NTFS Permissions Required to Create or Modify Documents
MODIFY OR FULL CONTROL
The following is a list of folders where users need these permissions to run Word:
- The workstation's Word program folder tree, if it is located on the server
- Temporary folder, if it is located on the server
- Any server folders where the user stores documents
- Any server folders where source files for links are located that the user needs to modify (for example, Microsoft Excel worksheets or charts)
NOTE: The minimum permission setting needed in order to open, edit, and save a document within a Windows 2000 folder is Modify.
Symptoms of Missing NTFS Permissions
| Permission | Symptom |
|---|---|
| Write and List Folder contents | The error message "Word cannot open the document" appears when you try to open a file. |
| Read, Write | These permissions allow you to open a document, but when you close the document, the temp files associated with this document are not deleted. Also you cannot save the document, because the temp files cannot be modified or deleted. |
Additional query words: rights winnt wd2000 WD2002 WD2003 WD2007
Keywords: kbexpertisebeginner kbinfo KB277867
