Managing Windows NTFS permissions (also know as Access Control Lists) has always been difficult for users because of the complex UI dialogs and concepts involved. Copying permissions is even harder because when you normally copy files from Explorer, permissions are not retained. You have to use command line tools like icacls to manage permissions. In this article, we will look at a free third party app called NTFS Permissions Tools that makes setting permissions extremely easy.
You can set permissions on files and folders from the Security tab in Properties.
The third party freeware app, called 'NTFS Permissions Tools' comes with an easy to use GUI for setting permissions and changing ownership on multiple files. It goes further than what Windows allows from its GUI and allows backing up permissions to a file from which it can restore them later. Or you can simply copy the permissions or all security settings on an object and paste them to another object. This is a very useful function because in Windows, various different rules apply when you copy or move files.
- When you copy or move an object to a different folder on the same volume (drive), the original permissions are retained, that is, the object preserves its permissions by default.
- When you copy or move an object to another volume (drive), the object inherits the permissions of its new parent folder.
However while copying or moving items, Windows offers you no easy control over this. NTFS Permissions Tools takes the pain out of this entirely because it can copy and paste permissions separate from the object itself.
- NTFS Permissions Tools is a portable tool, which requires no installation. It is developed by a Chinese developer, Han Rui. The website is here. but it always seems to have problems with links and the site URLs keep changing constantly. You can download the latest version of 'NTFS Permissions Tools' directly from the developer's blog. (link to his Chinese blog is here but the app itself does have an English UI). Extract the ZIP and run the appropriate version (32-bit or 64-bit) for your Windows version. If you are unable to download it from the developer's website, get it here from Winaero.
- When you open it, it will ask for UAC elevated permissions. Click Yes. The program has 1-click buttons to set Allow, Deny or Read-only permissions.
- It has two modes of operation. Edit Mode and Browse Mode. In Edit mode, you simply drag and drop any files and folders whose permissions you want to modify, inside its window.
- In Browse mode, you can browse files and folders like a file manager does. You can select a single file or folder or you can select multiple files and folders. Then you can right click on the selected items under any column and change the permissions, accounts and Owner.
- Clicking the Advanced button brings up a Windows-like interface for doing all the advanced tasks such as adjusting inheritable permissions, replacing child object permissions, selecting users or groups etc.
- You can also create NULL or empty Discretionary Access Control Lists (DACLs) on an object by right clicking it and selecting "Empty Access Control List". Null DACLs grant full access to anyone who can access the object. An empty DACL does not grant access to the object until the owner of the object assigns permissions.
Copying and pasting permissions
Right click any item whose permissions you want to copy and click "Copy Permissions" or "Copy Security Settings". The difference between the two is that the former only copies Allow/Read-Only/Deny permissions, whereas the latter copies the Owner as well. The program doesn't yet support copying Auditing permissions, so for configuring those you will have to use the Windows native permissions dialogs.
Closing words
NTFS Permissions Tools is a must-have application for every system administrator or IT pro. Given the number of times you have to deal with permissions in newer releases of Windows when accessing another user's files, end users will find it useful too. You can reduce your usage of icacls for the tasks it supports, although for some activities like finding Security IDs, setting integrity level etc, icacls will still be required.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
Quite a promising tool.
But it is a dangerous one, do some tests before applying modifications, if not, you can end up by removing any type of access and I strongly advise not to use in a domain environment.
What I have noticed:
– Replication under sub-folders doesn’t work correctly, if not at all, even when I change the General Preferences. I noticed it with the “Copy/Paste Security Settings” “, I do not know if replication will work correctly with other types of action.
– Ownership is replaced by default, everywhere; at least spare the folders ownership (as in RoboCopy), it is a valuable information in companies.
– Modification date is kept to the previous value, excellent!!
– In the advanced settings, I couldn’t get the security groups from AD, even if I was in the good OU. It is why I favored the “Copy/Paste security Settings” action.
– Add a progress bar when replicating, or a display message.
– As for the interface; simple style with big imaged buttons, this may tend to make user believe it’s a kid’s game, which is obviously not. Add some more pro GUI and options, administrators will be your bread and butter for this tool, unless you really are only interrested in home users. This is really a personal opinion.
I’ll come back in a few months to get a newer version and give it another try, I really belive NTP can be a superb tool filling up somes gasps in NTFS management. There few PowerShell scripts here and there, but all the ones I saw where only basic operations, and mainly only for reporting, your tool takes it to next level.
Thank you,
Just to mention, Google captured this article on Feb. 14, 2014.
Just for note: this tool is not created by Winaero :)
Hi,
Thank for your nice article. I found the link now is http://dbcstudio.net/software/npt/main.html FYI.
He has created some useful tools that you can try it, such like WIMKIT.
Thanks, we will look
That is very useful software. My thousand of file is restricted so that software is very use full to me
Hi, It looks a very useful software which is more user friendly to play.
What I am looking for is, I need to restrict users to delete files and folders but can rename the folders or files.
So, is it possible here in this application ?
It must be possible, but I have not tried.