Microsoft Exam MD:100 Windows 10 Certification Guide
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Understanding the Effective Access feature

The Effective Access feature determines the permissions a user or group has on an object by calculating the permissions that are granted to the user or group. The calculation considers the group membership permissions and any of the permissions that are inherited from the parent object.

The calculation determines all the domain and local groups that the user or group is a member of.

The Effective Access feature only produces a rough calculation of the permissions that a user has. The actual permissions that a user has might be different, because permissions can be granted or denied based on how a user signs in.

To view the Effective Access permissions, follow the following steps:

  1. Open File Explorer.
  2. Right-click on a folder.
  3. Click the Properties | Security | Advanced | Effective Access | Select a user button.
  4. Choose a user and click OK.
  5. Then, click View effective access. The Effective Access tab can be seen in the following screenshot:
Figure 5.5 - Effective Access dialog box

Figure 5.5 - Effective Access dialog box

In the next section, we will take a look at what the behavior of file and folder permissions are when we copy or move the files and folders to a different location (on the same or different volume).

Learning about copying and moving files

When you copy or move a file or folder, the permissions can change, depending on where you move the file or folder. Therefore, when you copy or move files or folders, it is important to understand the impact this has on permissions.

Effects of copying files and folders

When you copy a file or folder from one folder to another folder, or from one volume to another volume, the permissions for the files or folders might change. Copying a file or folder creates new objects with the same content as the original files or folders, which has the following effects on permissions:

  • When you copy a file or folder within a single volume, the copy of the folder or file will receive the permissions of the destination folder.
  • When you copy a file or folder to a different volume, the copy of the folder or file will receive the permissions of the destination folder.

When you copy a file or folder to a volume that does not support permissions, such as a FAT file system, the copy of the folder or file loses its permissions. This is because the target volume does not support permissions.

Important Note

When you copy a file or folder within a single volume or between volumes, you must have the Read permission for the source folder and the Write permission for the destination folder.

When you are copying or moving files and folders, the copied files and folders will receive the permissions from the folder above (origin folder). But what are the effects of moving files and folders? You will learn about that in the next section.

Effects of moving files and folders

When you move a file or folder, permissions might change, depending on the destination folder's permissions. Moving a file or folder has the following effects on permissions:

  • If you move a file or folder within the same volume, only the pointers are updated, and data is not moved. Permissions that are inherited at the source location no longer apply and the file or folder that you moved inherits the permissions from the new parent folder. If the file or folder has explicitly assigned permissions, it retains those permissions, in addition to the newly inherited permissions.
  • When you move a file or folder to a different volume, the folder or file inherits the destination folder's permissions, but it does not retain the explicitly assigned or inherited permissions from the source location. When you move a folder or file between volumes, Windows 10 copies the folder or file to the new location and deletes the original file from the source location.
  • When you move a file or folder to a volume that does not support permissions, the folder or file loses its permissions because the target volume does not support permissions.

    Important Note

    Most files do not have explicitly assigned permissions. Instead, they inherit permissions from their parent folder. If you move files that only have inherited permissions, they do not retain the inherited permissions during the move.

    Also, when you move a file or folder within a volume or between volumes, you must have both the Write permission for the destination folder and the Modify permission for the source file or folder. You need the Modify permission to move a folder or file because Windows 10 deletes the folder or file from the source folder after it has been moved to the destination folder.

The Copy command is not aware of the security settings on folders or files. However, commands that are more robust have this awareness, some of which are as follows:

  • Xcopy: This has the /o switch so that it can include ownership and ACL settings.
  • Robocopy: This has several switches that cause security information to be copied. They are /Copy:DAT and /Sec. In the /Copy:DAT term, D stands for Data, A stands for Attributes, and T stands for Timestamps. You can add the S flag after T, where S stands for Security, such as NTFS ACLs. /Sec is the equivalent of /Copy:DATS.

In this section, you learned how you can configure and maintain file access in a Windows 10 environment. You can do this via the File Explorer, PowerShell, or Command Prompt. You also learned about how to set permissions and what inheritance permissions are, as well as how you can force or prevent this type of permissions. You also learned what will happen when you move or copy files within the same volume or to another volume.

In the next section, you will learn how to configure and maintain shared folders.

上一章目录下一章