2.2 Given a scenario, configure and apply basic Microsoft Windows OS security settings.
📘CompTIA A+ Core 2 (220-1202)
Windows uses permissions to control who can access files and folders and what they are allowed to do.
There are two main types of permissions you must understand for the exam:
- NTFS permissions
- Share permissions
You must also understand:
- File and folder attributes
- Permission inheritance
1. NTFS Permissions
What is NTFS?
NTFS (New Technology File System) is the default file system used by modern versions of Windows (Windows 10, Windows 11).
NTFS permissions control access to files and folders stored on NTFS-formatted drives, such as:
- Internal hard drives
- SSDs
- External drives formatted as NTFS
When Do NTFS Permissions Apply?
NTFS permissions apply:
- When a user accesses files locally (logged in to the computer)
- When a user accesses files over the network
Common NTFS Permission Levels (Exam-Important)
| NTFS Permission | What It Allows |
|---|---|
| Full Control | Read, write, modify, delete, and change permissions |
| Modify | Read, write, delete, and change files |
| Read & Execute | View and run files |
| Read | View files only |
| Write | Create or change files |
Key Exam Points for NTFS Permissions
- NTFS permissions are very detailed and secure
- NTFS permissions work on files AND folders
- NTFS permissions are applied automatically to subfolders (inheritance) unless changed
- NTFS permissions offer more detailed control than share permissions
2. Share Permissions
What Are Share Permissions?
Share permissions control access to folders shared over a network.
They apply only when a folder is accessed remotely, such as:
- From another computer on the same network
- From a file server
When Do Share Permissions Apply?
Share permissions apply:
- Only over the network
- Not for local access
If a user logs in directly to the computer, share permissions do not apply.
Common Share Permission Levels (Exam-Important)
| Share Permission | What It Allows |
|---|---|
| Read | View files only |
| Change | Read, write, and delete files |
| Full Control | All actions, including changing permissions |
Key Exam Points for Share Permissions
- Share permissions are simpler than NTFS permissions
- Share permissions apply only to folders, not individual files
- Share permissions do not affect local users
- Share permissions are often used together with NTFS permissions
3. NTFS vs. Share Permissions (Very Important Exam Rule)
What Happens When Both Are Used?
When both NTFS and share permissions apply (that is, when a folder is accessed over the network), the most restrictive permission always wins.
Example (IT Environment)
- NTFS permission: Read
- Share permission: Full Control
Effective permission: Read
(Because Read is more restrictive)
Exam Rule (Must Remember)
Effective permission = the most restrictive combination of NTFS and Share permissions
This rule is frequently tested on the exam.
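The rule above can be modelled as an intersection of rights. The PowerShell below is an added example, not part of the original study guide. The mapping of share levels onto NTFS-style rights is a simplifying assumption, the function names are hypothetical, and Deny entries and group membership are ignored.

```powershell
# Added example, not from the original page. Models "most restrictive wins"
# as a bitwise intersection of rights (Deny entries and groups are ignored).
$Rights = [System.Security.AccessControl.FileSystemRights]

# Assumed simplification: the three share levels expressed as NTFS-style rights.
$ShareLevel = @{
    Read   = [int]$Rights::ReadAndExecute
    Change = [int]$Rights::Modify
    Full   = [int]$Rights::FullControl
}

function Get-EffectiveRights {
    param(
        [Parameter(Mandatory)][System.Security.AccessControl.FileSystemRights]$Ntfs,
        [Parameter(Mandatory)][ValidateSet('Read', 'Change', 'Full')][string]$Share,
        [switch]$Local   # local logon: the share layer is not consulted
    )
    if ($Local) { return "$Ntfs" }
    $mask = [int]$Ntfs -band $ShareLevel[$Share]
    if ($mask -eq 0) { return 'None' }
    return "$([System.Security.AccessControl.FileSystemRights]$mask)"
}

# The page's example: NTFS Read behind a Full Control share, over the network.
Get-EffectiveRights -Ntfs Read -Share Full
# NTFS Full Control behind a Read share: over the network, then at the console.
Get-EffectiveRights -Ntfs FullControl -Share Read
Get-EffectiveRights -Ntfs FullControl -Share Read -Local

# Read-only audit of an existing share: pairs each Allow entry on the share
# with the NTFS entry for the same account name on the shared folder.
function Compare-ShareToNtfs {
    param([Parameter(Mandatory)][string]$ShareName)
    $path = (Get-SmbShare -Name $ShareName).Path
    $ntfs = (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' }
    $shareAces = Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccessRight -ne 'Custom' }
    foreach ($ace in $shareAces) {
        $match = $ntfs | Where-Object { $_.IdentityReference.Value -eq $ace.AccountName }
        foreach ($n in $match) {
            [pscustomobject]@{
                Account = $ace.AccountName; Share = $ace.AccessRight; Ntfs = $n.FileSystemRights
                Effective = Get-EffectiveRights -Ntfs $n.FileSystemRights -Share $ace.AccessRight
            }
        }
    }
}
```

Run `Compare-ShareToNtfs -ShareName <name>` from an elevated session on the machine hosting the share; it only reads settings and changes nothing.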
Comparison Table (Exam-Ready)
| Feature | NTFS Permissions | Share Permissions |
|---|---|---|
| Applies locally | Yes | No |
| Applies over network | Yes | Yes |
| Works on files | Yes | No |
| Works on folders | Yes | Yes |
| Level of control | High | Basic |
| Inheritance supported | Yes | Limited |
4. File and Folder Attributes
What Are File and Folder Attributes?
Attributes define special properties of files and folders in Windows.
They control how the file behaves, not who can access it.
Common Attributes (Exam-Important)
| Attribute | Description |
|---|---|
| Read-only | File can be viewed but not modified |
| Hidden | File is hidden from normal view |
| System | Used by Windows system files |
| Archive | Marks files for backup |
Important Differences (Exam Tip)
- Attributes are NOT permissions
- Attributes do not control user access
- Permissions control who can do what
- Attributes control how the file behaves
Example (IT Environment)
- A configuration file may be set to Read-only to prevent accidental changes
- System files are marked as Hidden and System to protect them
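To see that an attribute is not a permission, the added PowerShell below (not part of the original study guide) sets Read-only on a lab file and confirms that the file's access control list is unchanged. The file name and its location in the temp directory are assumptions.

```powershell
# Added example, not from the original page. The file is a constructed
# lab file under the current user's temp directory.
$file = Join-Path $env:TEMP 'attr-demo.cfg'
Set-Content -LiteralPath $file -Value 'setting=1'

# Snapshot the permissions (ACL in SDDL form) before touching attributes.
$aclBefore = (Get-Acl -LiteralPath $file).Sddl

# Set the Read-only attribute, as for the configuration file above.
Set-ItemProperty -LiteralPath $file -Name IsReadOnly -Value $true
(Get-Item -LiteralPath $file).Attributes

# Writes now fail, although no permission entry was changed.
try {
    Add-Content -LiteralPath $file -Value 'setting=2' -ErrorAction Stop
} catch {
    "Write blocked: $($_.Exception.GetType().Name)"
}
"ACL unchanged: $($aclBefore -eq (Get-Acl -LiteralPath $file).Sddl)"

# Any user whose permissions allow changing the file can clear the flag,
# which is why an attribute is not an access control.
Set-ItemProperty -LiteralPath $file -Name IsReadOnly -Value $false
Add-Content -LiteralPath $file -Value 'setting=2'
Get-Content -LiteralPath $file
Remove-Item -LiteralPath $file
```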
5. Inheritance
What Is Inheritance?
Inheritance means:
Permissions applied to a folder are automatically passed to all files and subfolders inside it
Why Inheritance Is Important
Inheritance:
- Saves time
- Ensures consistent security
- Reduces configuration errors
Default Behavior
By default:
- Files and subfolders inherit permissions from their parent folder
- This applies mainly to NTFS permissions
Disabling Inheritance
Administrators can:
- Disable inheritance
- Set custom permissions on specific files or folders
This is commonly done when:
- A folder needs restricted access
- Sensitive data must be protected
Exam Points on Inheritance
- Inheritance applies mainly to NTFS permissions
- Inherited permissions are shown as grayed out in Windows
- Explicit permissions override inherited permissions
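The default behavior and the effect of disabling inheritance can be checked from PowerShell. This is an added example, not part of the original study guide. The folder names under the temp directory are assumptions, and BUILTIN\Users is referenced by its well-known SID.

```powershell
# Added example, not from the original page. Builds a constructed lab tree
# under the temp directory: one normal subfolder, one with inheritance disabled.
$root   = Join-Path $env:TEMP 'inherit-demo'
$open   = Join-Path $root 'Public'
$locked = Join-Path $root 'Payroll'
New-Item -ItemType Directory -Path $open, $locked -Force | Out-Null

# Disable inheritance on Payroll. Arguments: protect the ACL ($true) and
# keep the currently inherited entries as explicit copies ($true).
$acl = Get-Acl -LiteralPath $locked
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -LiteralPath $locked -AclObject $acl

# Add a Read entry for BUILTIN\Users (well-known SID S-1-5-32-545) on the
# parent, flagged to flow down to subfolders and files.
$users = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-545')
$rule  = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $users, 'Read', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$parentAcl = Get-Acl -LiteralPath $root
$parentAcl.AddAccessRule($rule)
Set-Acl -LiteralPath $root -AclObject $parentAcl

# Public picks up the new entry with IsInherited = True. Payroll does not,
# and its remaining entries are all explicit (IsInherited = False).
foreach ($dir in $open, $locked) {
    $a = Get-Acl -LiteralPath $dir
    "{0} (inheritance disabled: {1})" -f $dir, $a.AreAccessRulesProtected
    $a.Access |
        Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize |
        Out-String
}

# Clean up the lab tree.
Remove-Item -LiteralPath $root -Recurse -Force
```

The `IsInherited` column corresponds to the grayed-out entries in the folder's Security tab.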
6. Summary for Exam Preparation
Key Points to Remember
- NTFS permissions control local and network access
- Share permissions control network access only
- NTFS permissions are more detailed and secure
- When both are used, the most restrictive permission applies
- File and folder attributes control behavior, not access
- Inheritance automatically applies permissions to subfolders and files
- Inheritance can be disabled when needed
Exam Focus Tip
If the exam question asks:
- Local access → NTFS
- Network access → Share + NTFS
- Final access result → Most restrictive permission
