Advanced NTFS Permissions

Hello friends,

In this post I will cover advanced NTFS permissions at the folder level.
NTFS permissions are among the security permissions that all employees need most.

- We can reach the advanced settings from the Advanced tab.

- In this section we can see which users have which permissions.

- If you want to edit any user's permissions, double-click that user and a window showing that user's permissions opens. The permissions shown there are the Basic (normal) permissions; today I will show you what we can adjust at the advanced level.

- We click Show advanced permissions.

- We can edit the permissions as indicated below.

- We have now granted the permissions to the user we wanted and returned to the previous step. If we click Disable inheritance, we give up the permissions that come from the parent folders and mark this folder as a special folder.

- “Convert inherited permissions into explicit permissions on this object.” If we select this, all permissions are kept, but you can now edit the permissions that arrived through inheritance, and the folder no longer picks up permission changes made on parent folders. I generally recommend this option, because deleting all permission groups can cause problems for you; editing them one by one is always the more advisable approach.

- “Remove all inherited permissions from this object.” This deletes all user groups that arrived through inheritance and are active, leaving you a completely clean slate for adding permissions.

- If we check “Replace all child object permission entries with inheritable permission entries from this object”, the permission groups and permissions we configured take effect as specified not just on the folder we are working on but on all of its subfolders as well.
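The two Disable inheritance choices described above can also be applied and audited from PowerShell. This is an added example, not part of the original post; the folder names under `$env:TEMP` are constructed for the demonstration.

```powershell
# Throwaway folders for the demonstration (constructed names).
$parent = Join-Path $env:TEMP 'ntfs-demo'
$child  = Join-Path $parent 'private'
New-Item -ItemType Directory -Path $child -Force | Out-Null

function Show-Acl([string]$Path) {
    # IsInherited tells you whether an entry comes from a parent folder.
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}

# Before: the entries on the new child folder are inherited (IsInherited = True).
Show-Acl $child

$acl = Get-Acl -Path $child
# SetAccessRuleProtection(isProtected, preserveInheritance)
#   ($true, $true)  -> "Convert inherited permissions into explicit permissions on this object"
#   ($true, $false) -> "Remove all inherited permissions from this object"
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $child -AclObject $acl

# After: the same entries are present, but IsInherited is now False,
# so each one can be edited or removed individually.
Show-Acl $child

# Audit: list every subfolder where inheritance has been disabled.
Get-ChildItem -Path $parent -Directory -Recurse |
    Where-Object { (Get-Acl -Path $_.FullName).AreAccessRulesProtected } |
    Select-Object -ExpandProperty FullName

# Clean up the demonstration folders.
Remove-Item -Path $parent -Recurse -Force
```

Passing `($true, $false)` without first adding an explicit entry for your own account or group leaves the folder with an empty permission list, which is the situation the post recommends avoiding.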

 


 

Permissions for files and folders

Folder permissions include Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. For information about these permissions, see File and folder permissions. Each of these permissions consists of a logical group of special permissions which are listed and defined below.

| Permission | Description |
| --- | --- |
| Traverse Folder/Execute File | For folders: Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders. (Applies to folders only.) Traverse folder takes effect only when the group or user is not granted the Bypass traverse checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass traverse checking user right.) For files: Execute File allows or denies running program files. (Applies to files only.) Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder. |
| List Folder/Read Data | List Folder allows or denies viewing file names and subfolder names within the folder. List Folder only affects the contents of that folder and does not affect whether the folder you are setting the permission on will be listed. (Applies to folders only.) Read Data allows or denies viewing data in files. (Applies to files only.) |
| Read Attributes | Allows or denies viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by NTFS. |
| Read Extended Attributes | Allows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program. |
| Create Files/Write Data | Create Files allows or denies creating files within the folder. (Applies to folders only.) Write Data allows or denies making changes to the file and overwriting existing content. (Applies to files only.) |
| Create Folders/Append Data | Create Folders allows or denies creating folders within the folder. (Applies to folders only.) Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data. (Applies to files only.) |
| Write Attributes | Allows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS. The Write Attributes permission does not imply creating or deleting files or folders, it only includes the permission to make changes to the attributes of a file or folder. In order to allow (or deny) create or delete operations, see Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete. |
| Write Extended Attributes | Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program. The Write Extended Attributes permission does not imply creating or deleting files or folders, it only includes the permission to make changes to the attributes of a file or folder. In order to allow (or deny) create or delete operations, see Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete. |
| Delete Subfolders and Files | Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file. (Applies to folders.) |
| Delete | Allows or denies deleting the file or folder. If you do not have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder. |
| Read Permissions | Allows or denies reading permissions of the file or folder, such as Full Control, Read, and Write. |
| Change Permissions | Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write. |
| Take Ownership | Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder. |
| Synchronize | Allows or denies different threads to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multithreaded, multiprocess programs. |
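To see which of the special permissions above each entry on a folder actually carries, the access mask can be expanded bit by bit. This is an added example, not part of the original post; the function name `Expand-Rights` is hypothetical and `$env:TEMP` is only an assumed folder to inspect.

```powershell
# Special permission labels from the table, mapped to .NET FileSystemRights names.
$map = [ordered]@{
    'Traverse Folder/Execute File' = 'ExecuteFile'
    'List Folder/Read Data'        = 'ReadData'
    'Read Attributes'              = 'ReadAttributes'
    'Read Extended Attributes'     = 'ReadExtendedAttributes'
    'Create Files/Write Data'      = 'WriteData'
    'Create Folders/Append Data'   = 'AppendData'
    'Write Attributes'             = 'WriteAttributes'
    'Write Extended Attributes'    = 'WriteExtendedAttributes'
    'Delete Subfolders and Files'  = 'DeleteSubdirectoriesAndFiles'
    'Delete'                       = 'Delete'
    'Read Permissions'             = 'ReadPermissions'
    'Change Permissions'           = 'ChangePermissions'
    'Take Ownership'               = 'TakeOwnership'
    'Synchronize'                  = 'Synchronize'
}

function Expand-Rights([System.Security.AccessControl.FileSystemRights]$Rights) {
    $value = [int]$Rights
    $names = @(foreach ($label in $map.Keys) {
        $bit = [int][System.Security.AccessControl.FileSystemRights]$map[$label]
        if (($value -band $bit) -eq $bit) {
            $label
            $value = $value -band (-bnot $bit)   # clear the bit once it is accounted for
        }
    })
    # Leftover bits are generic rights stored raw in the entry (seen on some system folders).
    if ($value -ne 0) { $names += 'unmapped bits 0x{0:X8}' -f $value }
    $names -join ', '
}

# How the basic permissions break down into special permissions.
'Read', 'Write', 'ReadAndExecute', 'Modify', 'FullControl' |
    ForEach-Object { '{0,-15} = {1}' -f $_, (Expand-Rights $_) }

# The same expansion applied to every entry on a real folder (assumed path).
(Get-Acl -Path $env:TEMP).Access | ForEach-Object {
    [pscustomobject]@{
        Identity  = $_.IdentityReference
        Type      = $_.AccessControlType
        Inherited = $_.IsInherited
        Special   = Expand-Rights $_.FileSystemRights
    }
} | Format-List
```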

 


Author: Kerim CANTÜRK