How does the "Full Control" permission differ from manually giving all other permissions?

19

4

On Windows Server 2003 - and some other versions of Windows - the Properties > Security tab of a folder's or file's context menu provides "Allow" and "Deny" options for "Full Control," "Modify," "Read" and other permissions:

Sample Windows permission window

After clicking "Full Control," all boxes in the column - except for "Special Permissions" - get automatically checked.

What's the difference between checking "Full Control" and simply checking all the other boxes individually? Are there hidden/advanced permissions toggled by "Full Control" that aren't listed in the main permissions window? Is "Full Control" just a convenience shortcut?

Pops

Posted 2010-05-28T17:20:07.853

Reputation: 7 353

Answers

13

NTFS Permissions - Full control does provide additional permissions, most notably the ability to modify permissions on the object and take ownership.

Darth Android

Posted 2010-05-28T17:20:07.853

Reputation: 35 133

Link no longer works. – Barry Brown – 2011-06-15T22:25:53.887

4

Giving Full Control to a user allows them to change permissions on the object themselves. Giving them everything else will allow them to modify, edit, delete, etc but they cannot change permissions unless they have Full Control or are explicitly granted it in the Advanced section.

MDMarra

Posted 2010-05-28T17:20:07.853

Reputation: 19 580

Asked: 2010-05-28T17:20:07.853

Viewed: 37 139 times

Active: 2011-08-18T04:26:46.100