Windows NT Security
The Basics:
Where To Find Additional Information

Wendall Mayson

WSRC-MS-97-0338

wendall.mayson@srs.gov

(803) 208-3438

Westinghouse Savannah River Company

Savannah River Site

Aiken, SC 29808

Web Sites

  1. CMP's NT Solution Center - http://techweb.cmp.com/ecg/nt
  2. Win NT Update - http://www.zdnet.com/wsources/update/ntupdfr.html
  3. Windows NT Resources - http://www.winntmag.com/resources
  4. Windows NT Resources Site - http://www.chancellor.com/ntmain.html
  5. Microsoft Windows NT Page for Help Files, Service Packs, etc. http://www.microsoft.com/NTWksSupport/default-sl.htm
  6. Frank's Windows Page - http://www.conitech.com/windows/index.html
  7. Microsoft's Hardware Compatibility List for Windows NT 4.0 - http://www.microsoft.com/isapi/hwtest/hsearchn4.idc
  8. Lifeform WindowsNT Resource http://www.lifeform.demon.co.uk/ntres.html#security
  9. How to Create Internet Site with Windows NT only - http://www.neystadt.org/winnt/site.htm
  10. Beverly Hills Software's Windows NT Resource Center - http://www.bhs.com
  11. Digital's Windows NT Home Page - http://www.windows.digital.com/INDEX.HTP
  12. Windows NT Web Server Tools - http://www.primenet.com/~buyensj/ntwebsrv.html
  13. Rick's Windows NT Info Center - http://rick.wzl.rwth-aachen.de/rick
  14. Microsoft's Windows NT Server Page -http://www.microsoft.com/ntserver/default.asp
  15. Microsoft's Windows NT Workstation Page - http://www.microsoft.com/ntworkstation/default.asp
  16. File Mine - http://www.filemine.com
  17. WindowsHelper - http://www.techweb.com/helper/thfeature/winhelp.html
  18. Somarsoft, Inc. - http://www.somarsoft.com
  19. Miscellaneous Security Documents - http://www.alw.nih.gov/Security/security-docs.html
  20. Computer Security Resource Clearing House - http://csrc.nist.gov
  21. Security Info Page - http://www.securityinfo.com

Books

  1. Windows NT 3.5 Guidelines for Security, Audit, and Control by Microsoft Press - ISBN 1-55615-814-9, (A little dated, but still an excellent book.)
  2. Windows NT Security Guide by Stephen A. Sutton - ISBN: 0-201-41969-6
  3. Network & Internet Security by Vijay Ahuja - ISBN: 0-12-045595-1
  4. Microsoft Windows NT Workstation Resource Kit Version 4.0 - ISBN: 1-57231-343-9
  5. Microsoft Windows NT Server Resource Kit Version 4.0 - ISBN: 1-57231-344-7
  6. Microsoft Windows NT Server Resource Kit Version 4.0, Supplement 1 - ISBN: 1-57231-559-8
  7. Microsoft Windows NT Resource Kit For Windows NT Workstation and Windows NT Server Version 3.51 - ISBN: 1-55615-926-9
  8. Running Microsoft Windows NT Server 4.0 by Charlie Russell and Sharon Crawford - ISBN: 1-57231-333-1
  9. Inside Windows NT by Helen Custer - ISBN: 1-55615-481-X
  10. Inside the Windows NT® File System by Helen Custer - ISBN: 1-55615-660-X
  11. Microsoft Windows NT 4.0 Upgrade Training - ISBN: 1-57231-528-8
  12. Microsoft Internet Information Server Training - ISBN: 1-57231-425-7
  13. Windows NT 4.0 Server Unleashed by Jason Garms - ISBN 0-672-30933-5
  14. Inside Windows NT Workstation by George Eckel - ISBN 1-56205-583-6

Permission Tables

Basic Permissions that may be assigned to files

No Access
Read
Change
Full Control
View File's Data
YES
YES
YES
View File's Attributes
YES
YES
YES
Execute File (if it is a program)
YES
YES
YES
View File's Owner & Permissions
YES
YES
YES
Change File's Attributes
YES
YES
Change Data In The File And Add Data To The File
YES
YES
Delete File
YES
YES
Take Ownership Of File And Change File Permissions
YES

Custom Permissions that may be assigned to files when the basic permission "Special Access" is selected

READ
WRITE
EXECUTE
DELETE
CHANGE

PERMISSION
TAKE

OWNERSHIP
FULL

CONTROL
View File's Owner & Permissions
YES
YES
YES
YES
View File's Data
YES
YES
View File's Attributes
YES
YES
YES
Change File's Attributes
YES
YES
Change Data In The File And Add Data To The File
YES
YES
Execute File (if it is a program)
YES
YES
Delete File
YES
YES
Change File Permissions
YES
YES
Take Ownership Of File
YES
YES

Basic Permissions that may be assigned to directories

NO

ACCESS
LIST
READ
ADD
ADD + READ
CHANGE
FULL

CONTROL
View File Names In A Directory
YES
YES
YES
YES
YES
View Directory Attributes
YES
YES
YES
YES
YES
YES
Change To Subdirectories
YES
YES
YES
YES
YES
YES

Change Directories Attributes


YES



YES


YES
YES

Add Subdirectories And Files


YES



YES


YES
YES
View Directory's Owner And Permissions
YES
YES
YES
YES
YES
YES
Delete Directory
YES
YES
Delete Files Or Empty Subdirectories in Directory
YES
Change Directory Permissions
YES
Take Ownership Of Directory
YES

Custom Permissions that may be assigned to directories when the basic permission "Special Directory Access" is selected

READ
WRITE
EXECUTE
DELETE
CHANGE

PERMISSION
TAKE

OWNERSHIP
FULL

CONTROL
View File Names In A Directory
YES


YES
View Directory Attributes
YES
YES
YES
Add Subdirectories And Files
YES
YES
Change Directories Attributes
YES
YES
Change To Subdirectories
YES
YES
View Directory's Owner And Permissions
YES
YES
YES
YES
Delete Directory
YES
YES
Change Directory Permissions
YES
YES
Take Ownership Of Directory
YES
YES

Permissions for directories and their effects on files

NO ACCESS
LIST
READ
ADD
ADD + READ
CHANGE
FULL

CONTROL
View File's Owner & Permissions
YES
YES
YES
YES
View File's Data
YES
YES
YES
YES
View File's Attributes
YES
YES
YES
YES
Change File's Attributes
YES
YES
Change Data In The File And Add Data To The File
YES
YES
Execute File (if it is a program)
YES
YES
YES
YES
Delete File
YES
YES
Change File Permissions
YES
Take Ownership Of File
YES

Permissions that may be assigned to shared directories

NO ACCESS
READ
CHANGE
FULL CONTROL
View Subdirectory and File Names
YES
YES
YES
View File's Data And Attributes
YES
YES
YES
Execute File (if it is a program)
YES
YES
YES
Change To Subdirectories
YES
YES
YES
Add Subdirectories And Files
YES
YES
Change Data In The File And Add Data To The File
YES
YES
Change File's Attributes
YES
YES
Delete Files Or Empty Subdirectories in Directory
YES
YES
Change Directory, Subdirectory, Or File Permissions (NTFS)
YES
Take Ownership of Directory, Subdirectories, Or Files (NTFS)
YES

Permission Abbreviations

PERMISSION
ABBREVIATION
Read
R
Delete
D
Write
W
Change Permission
P
Execute
X
Take Ownership
O

Permissions that may be assigned to Registry keys and subkeys

PERMISSION
DESCRIPTION
ReadRead the key.
Full ControlRead, edit, and take ownership of the key.
Special AccessSee individual permissions below
Query ValueRead a value entries from a key
Set ValueSet value entries in a key
Create SubkeyCreate subkeys on a key
Enumerate SubkeysIdentify the subkeys of a key
NotifyAudit notification events from a key
Create LinkCreate a symbolic link in a key
DeleteDelete a key
Write DACWrite to the ACL (assign a permission) of a key
Write OwnerTake ownership of a key
Read ControlAccess the security assigned to a key

Permissions that may be assigned to printers

No Access
Print
Manage

Documents
Full Control
Print Documents
YES
YES
Control Document Settings
YES
YES
Pause, Resume, Restart, or Delete Print Jobs
YES
YES
Change The Order Of Print Jobs
YES
Pause Or Resume Printer
YES
Purge Printer
YES
Change Printer Properties
YES
Delete A Printer
YES
Change Printer Permissions
YES