Windows uses two permission models to secure files and folders: NTFS permissions (file system level) and Share permissions (network level).
NTFS (New Technology File System) permissions control local and network access to files/folders stored on NTFS-formatted drives.
| Permission | Description |
|---|---|
| Full Control | All permissions including changing ACLs |
| Modify | Read, write, delete, modify |
| Read & Execute | Open files and run programs |
| List Folder | View folder contents |
| Read | View content and attributes |
| Write | Modify content and create files/folders |
✅ NTFS permissions apply to both local and remote users.
Share permissions apply only when accessing folders over the network.
| Permission | Description |
|---|---|
| Full Control | All rights including changing permissions |
| Change | Read, write, modify, delete |
| Read | View files and subfolders |
❗ Share permissions do not apply to local access.
| Feature | NTFS Permissions | Share Permissions |
|---|---|---|
| Scope | Local + Network | Network only |
| Granularity | File and folder level | Folder level only |
| Default Location | NTFS volume properties | Shared folder properties |
| Most Secure Wins? | Effective = Most Restrictive | Effective = Most Restrictive |
| Applies To | Local and remote users | Remote users only |
When both NTFS and Share permissions apply, the most restrictive permission wins.