Microsoft Certified Professional Developer/Exam 70-290: Managing and Maintaining a Microsoft Windows Server 2003 Environment/Configure File System Permissions

NTFS Permissions
NTFS Permissios are used to control who has access to files and folders, and what they can do with them.
 * They can only be used on NTFS volumes (not FAT or FAT32)
 * They apply whether the files and folders are accessed locally or over a network
 * Note: Share permissions only apply to network access and cannot be used to control local access

Permissions Inheritance
By default, permissions for subfolders and files are inherited from the parent folder. You can prevent files and folders from inheriting permissions:
 * Right-click a file or folder
 * Choose Properties
 * Go to the Security tab and click the Advanced button
 * This will open the Advanced Security Settings dialog box
 * Untick the "Inherit from parent..." checkbox at the bottom
 * At this point you can either copy the permissions from the parent folder (in order to modify them), or clear all permissions from the selected file or folder (in order to set new permissions from scratch)

Effective Permissions
Generally, when a user is a member of more than one group which has permissions set on a file or folder, their effective permissions on that object are the sum of the permissions assigned to them. However, there are a few additional rules to take into account:
 * Deny permissions override Allow permissions
 * File permissions override Folder permissions
 * Explicit permissions override Inherited permissions

The order of precedence for permissions is:
 * 1) Explicit Deny overrides
 * 2) Explicit Allow overrides
 * 3) Inherited Deny overrides
 * 4) Inherited Allow