NTFS permissions, what happens if I deny everyone?
Got a folder on a file share server that only a few specifics security groups from ad need access to. I was wondering what would happen if I click deny all access to the Everyone group, would that exclude even the ones who have explicit permissions to access the resource?
I would like to restrict the access to anyone but users in those 3 security groups. What's the best way to go about this?
Thanks a lot fellas
Last replyBest Answer
More aboutntfs permissions deny
The best way to do this is to create a test folder and try different settings, then check effective permissions.
As long as you maintain ownership you should be able to go in and un-do anything you try that may backfire.
NTFS "Deny" trumps all other permissions. If you set "deny" on the everyone group even the local administrator will not be able to access the resource or even change the permission back. Be very careful or you will brick your system. If you want to allow only certain groups then remove "everyone" from the ACL, add the group/s you want to have access, and set the appropriate permission flags.
Read these for more information on how permissions are ultimately assigned: