Windows 10: Change Permissions of Objects for Users and Groups in Windows 10  

    Change Permissions of Objects for Users and Groups in Windows 10

    Change Permissions of Objects for Users and Groups in Windows 10

    Change Permissions of File, Folder, Drive, or Registry Key for Users and Groups in Windows 10
    Published by Category: User Accounts
    27 Sep 2017
    Designer Media Ltd

    Published by


    Brink's Avatar
    Administrator

    Posts: 32,286

    Show Printable Version 


    Change Permissions of File, Folder, Drive, or Registry Key for Users and Groups in Windows 10

    information   Information
    On NTFS and ReFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders.

    Every container (ex: folder) and object (ex: file) on the PC has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. The security descriptor is automatically created along with the container or object that is created.

    When you are a member of a group (ex: "Administrators") that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control.

    Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups. For example, for the file Temp.dat, the built-in Administrators group might be assigned Read, Write, and Delete permissions, while the Backup Operators group might be assigned Read and Write permissions only.

    Each assignment of permissions to a user or group is represented in the system as an access control entry (ACE). The entire set of permission entries in a security descriptor is known as a permission set or access control list (ACL). Thus, for a file named Temp.dat, the permission set includes two permission entries, one for the built-in Administrators group and one for the Backup Operators group.

    There are two types of permissions: explicit permissions and inherited permissions.
    • Explicit permissions are those that are set by default on non-child objects when the object is created, or by user action on non-child, parent, or child objects.
    • Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.
      • Inherited Deny permissions do not prevent access to an object if the object has an explicit Allow permission entry.
      • Explicit permissions take precedence over inherited permissions, even inherited Deny permissions.

    By default, objects within a container inherit the permissions from that container when the objects are created. For example, when you create a folder called MyFolder, all subfolders and files created within MyFolder automatically inherit the permissions from that folder. Therefore, MyFolder has explicit permissions, while all subfolders and files within it have inherited permissions.

    Name:  Explicit_and_Inherited_permissions.jpg
Views: 10324
Size:  78.6 KB


    This tutorial will show you how to change permissions of a file, folder, drive, or registry key to allow or deny access for users and groups in Windows 10.


    CONTENTS:
    • Option One: To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Security Settings
    • Option Two:To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings
    • Option Three: To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Security Settings
    • Option Four: To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings
    • Option Five: To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Security Settings
    • Option Six: To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Advanced Security Settings
    • Option Seven: To Change Permissions for User or Group of File, Folder, or Drive in Command Prompt





    Change Permissions of Objects for Users and Groups in Windows 10 OPTION ONE Change Permissions of Objects for Users and Groups in Windows 10
    To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Security Settings

    1. Perform one of the following actions for what you want to do:

    A) Right click or press and hold on a registry key, and click/tap on Permissions.

    OR

    B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties. Click/tap on the Security tab, and click/tap on the Edit button. (see screenshot below)

    Name:  Add_user_or_group_permissions-1.png
Views: 10265
Size:  29.7 KB
    Note   Note
    If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
    Name:  Need_to_take_ownership-1.png
Views: 10277
Size:  16.4 KB

    2. Click/tap on the Add button. (see screenshot below)

    Name:  Add_user_or_group_permissions-2.png
Views: 10332
Size:  23.7 KB

    3. Click/tap on the Advanced button. (see screenshot below)

    Name:  Add_user_or_group_permissions-2.png
Views: 10332
Size:  23.7 KB

    4. Click/tap on the Find Now button, select the name of the user or group (ex: "Brink2") you want to add, and click/tap on OK. (see screenshot below)
    Note   Note
    If you like, you can press and hold the Ctrl key to select more than one user and/or group to add.


    Name:  Add_user_or_group_permissions-4.png
Views: 10259
Size:  56.1 KB

    5. Click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions-5.png
Views: 10307
Size:  19.5 KB

    6. Select the added user or group, check the Allow or Deny boxes for the permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on Apply. When finished, click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions-6.png
Views: 10263
Size:  33.8 KB

    7. Click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 10265
Size:  28.0 KB





    Change Permissions of Objects for Users and Groups in Windows 10 OPTION TWO Change Permissions of Objects for Users and Groups in Windows 10
    To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings

    1. Perform one of the following actions for what you want to do:

    A) Right click or press and hold on a registry key, and click/tap on Permissions.

    OR

    B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties.

    2. Click/tap on the Security tab, and click/tap on the Advanced button. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-1.png
Views: 10278
Size:  29.9 KB

    3. Click/tap on the Add button. (see screenshot below)
    Note   Note
    If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
    Name:  Need_to_take_ownership-2.jpg
Views: 10254
Size:  43.1 KB

    Name:  Add_user_or_group_permissions_Advanced-2.jpg
Views: 10270
Size:  67.0 KB

    4. Click/tap on the Select a principal link. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-3.jpg
Views: 10250
Size:  33.0 KB

    5. Click/tap on the Advanced button. (see screenshot below)

    Name:  Add_user_or_group_permissions-2.png
Views: 10332
Size:  23.7 KB

    6. Click/tap on the Find Now button, select the name of the user or group (ex: "Brink2") you want to add, and click/tap on OK. (see screenshot below)
    Note   Note
    If you like, you can press and hold the Ctrl key to select more than one user and/or group to add.


    Name:  Add_user_or_group_permissions-4.png
Views: 10259
Size:  56.1 KB

    7. Click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions-5.png
Views: 10307
Size:  19.5 KB

    8. Select Allow or Deny in the Type drop menu for the type of permissions you want to change. (see screenshots below step 10)

    9. If this is for a folder, drive, or registry key, then select what you want in the Applies to drop menu for how the permissions will be applied. (see screenshots below step 10)

    10. Check or uncheck the Basic permissions or Advanced permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on OK. (see screenshots below)

    Name:  Add_user_or_group_permissions_Advanced-7a.jpg
Views: 10252
Size:  48.2 KB Name:  Add_user_or_group_permissions_Advanced-7b.jpg
Views: 10289
Size:  57.0 KB
    Name:  Add_user_or_group_permissions_Advanced-8a.jpg
Views: 10298
Size:  67.9 KB Name:  Add_user_or_group_permissions_Advanced-8b.jpg
Views: 10285
Size:  76.9 KB
    Name:  Add_user_or_group_permissions_Advanced-9a.jpg
Views: 10268
Size:  64.5 KB Name:  Add_user_or_group_permissions_Advanced-9b.jpg
Views: 10275
Size:  71.5 KB

    11. When finished, click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-10.jpg
Views: 10365
Size:  71.9 KB

    12. Click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 10265
Size:  28.0 KB





    Change Permissions of Objects for Users and Groups in Windows 10 OPTION THREE Change Permissions of Objects for Users and Groups in Windows 10
    To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Security Settings

    1. Perform one of the following actions for what you want to do:

    A) Right click or press and hold on a registry key, and click/tap on Permissions.

    OR

    B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties. Click/tap on the Security tab, and click/tap on the Edit button. (see screenshot below)

    Name:  Remove_user_or_group_permissions-1.png
Views: 10264
Size:  31.8 KB
    Note   Note
    If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
    Name:  Need_to_take_ownership-1.png
Views: 10277
Size:  16.4 KB

    2. Select the user or group (ex: "Brink2") you want to remove, and click/tap on the Remove button. (see screenshot below)
    Note   Note
    If this is an inherited user or group, then you will get the error message below.

    In this case, you would need to go to the parent ("Inherited from" source) of this file, folder, drive, or registry key, and remove this user or group from the parent's security settings instead.
    Name:  Can't_remove.png
Views: 10272
Size:  16.0 KB

    Name:  Remove_user_or_group_permissions-2.png
Views: 10284
Size:  29.4 KB

    3. When finished, click/tap on OK. (see screenshot below)

    Name:  Remove_user_or_group_permissions-3.png
Views: 10269
Size:  24.3 KB

    4. Click/tap on OK. (see screenshot below)

    Name:  Remove_user_or_group_permissions-4.png
Views: 10275
Size:  27.1 KB





    Change Permissions of Objects for Users and Groups in Windows 10 OPTION FOUR Change Permissions of Objects for Users and Groups in Windows 10
    To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings

    1. Perform one of the following actions for what you want to do:

    A) Right click or press and hold on a registry key, and click/tap on Permissions.

    OR

    B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties.

    2. Click/tap on the Security tab, and click/tap on the Advanced button. (see screenshot below)

    Name:  Remove_user_or_group_advanced_permissions-1.png
Views: 10248
Size:  28.0 KB

    3. Select the user or group (ex: "Brink2") you want to remove, and click/tap on the Remove button. (see screenshot below)
    Note   Note
    If this is an inherited user or group, then you will get the error message below.

    In this case, you would need to go to the parent ("Inherited from" source) of this file, folder, drive, or registry key, and remove this user or group from the parent's advanced security settings instead.
    Name:  Can't_remove.png
Views: 10272
Size:  16.0 KB
    If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
    Name:  Need_to_take_ownership-2.jpg
Views: 10254
Size:  43.1 KB

    Name:  Remove_user_or_group_advanced_permissions-2.jpg
Views: 10278
Size:  80.1 KB

    4. When finished, click/tap on OK. (see screenshot below)

    Name:  Remove_user_or_group_advanced_permissions-3.jpg
Views: 10251
Size:  73.0 KB

    5. Click/tap on OK. (see screenshot below)

    Name:  Remove_user_or_group_permissions-4.png
Views: 10275
Size:  27.1 KB





    Change Permissions of Objects for Users and Groups in Windows 10 OPTION FIVE Change Permissions of Objects for Users and Groups in Windows 10
    To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Security Settings

    1. Perform one of the following actions for what you want to do:

    A) Right click or press and hold on a registry key, and click/tap on Permissions.

    OR

    B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties. Click/tap on the Security tab, and click/tap on the Edit button. (see screenshot below)

    Name:  Add_user_or_group_permissions-1.png
Views: 10265
Size:  29.7 KB
    Note   Note
    If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
    Name:  Need_to_take_ownership-1.png
Views: 10277
Size:  16.4 KB

    2. Select a user or group (ex: "Brink2") you want to change permissions for, check the Allow or Deny boxes for the permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on Apply. When finished, click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions-6.png
Views: 10263
Size:  33.8 KB

    3. Click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 10265
Size:  28.0 KB





    Change Permissions of Objects for Users and Groups in Windows 10 OPTION SIX Change Permissions of Objects for Users and Groups in Windows 10
    To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Advanced Security Settings

    1. Perform one of the following actions for what you want to do:

    A) Right click or press and hold on a registry key, and click/tap on Permissions.

    OR

    B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties.

    2. Click/tap on the Security tab, and click/tap on the Advanced button. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-1.png
Views: 10278
Size:  29.9 KB

    3. Select a user or group (ex: "Brink2") you want to change permissions for, and click/tap on the Edit button. (see screenshot below)
    Note   Note
    If this is an inherited user or group, then you will see a View button instead of an Edit button.

    In this case, you would need to go to the parent ("Inherited from" source) of this file, folder, drive, or registry key, and change permissions of this user or group from the parent's advanced security settings instead.

    If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
    Name:  Need_to_take_ownership-2.jpg
Views: 10254
Size:  43.1 KB

    Name:  Change_permissions_Advanced-1.jpg
Views: 10247
Size:  76.1 KB

    4. Select Allow or Deny in the Type drop menu for the type of permissions you want to change. (see screenshots below step 6)

    5. If this is for a folder, drive, or registry key, then select what you want in the Applies to drop menu for how the permissions will be applied. (see screenshots below step 6)

    10. Check or uncheck the Basic permissions or Advanced permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on OK. (see screenshots below)

    Name:  Add_user_or_group_permissions_Advanced-7a.jpg
Views: 10252
Size:  48.2 KB Name:  Add_user_or_group_permissions_Advanced-7b.jpg
Views: 10289
Size:  57.0 KB
    Name:  Add_user_or_group_permissions_Advanced-8a.jpg
Views: 10298
Size:  67.9 KB Name:  Add_user_or_group_permissions_Advanced-8b.jpg
Views: 10285
Size:  76.9 KB
    Name:  Add_user_or_group_permissions_Advanced-9a.jpg
Views: 10268
Size:  64.5 KB Name:  Add_user_or_group_permissions_Advanced-9b.jpg
Views: 10275
Size:  71.5 KB

    7. When finished, click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-10.jpg
Views: 10365
Size:  71.9 KB

    8. Click/tap on OK. (see screenshot below)

    Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 10265
Size:  28.0 KB





    Change Permissions of Objects for Users and Groups in Windows 10 OPTION SEVEN Change Permissions of Objects for Users and Groups in Windows 10
    To Change Permissions for User or Group of File, Folder, or Drive in Command Prompt

    Note   Note
    For more options on the icacls command, see: Icacls - Microsoft TechNet


    1. Open a command prompt or elevated command prompt depending on your permission level for this file, folder, or drive.

    2. Type the command you need below into the command prompt, and press Enter. (see screenshot below step 3)

    (Apply to this file only)
    icacls "full path of file" /grant "user or group":(permissions)

    OR

    (Apply to this folder only)
    icacls "full path of folder" /grant "user or group":(permissions)

    OR

    (Apply to this folder, subfolder and files)
    icacls "full path of folder" /grant "user or group":(permissions) /t /c

    OR

    (Apply to this drive only)
    icacls "drive letter:" /grant "user or group":(permissions)

    OR

    (Apply to this drive, subfolder and files)
    icacls "drive letter:" /grant "user or group":(permissions) /t /c

    Note   Note
    Substitute full path of file in the command above with the actual full path of the file with extension (ex: "F:\MyFolder\Lock.png") you want to change permissions for.

    Substitute full path of folder in the commands above with the actual full path of the folder (ex: "F:\MyFolder") you want to change permissions for.

    Substitute drive letter in the commands above with the actual drive letter (ex: "F") you want to change permissions for.

    Substitute user or group in the commands above with the name of the user or group (ex: "Brink2") you want to change permissions for.

    Substitute permissions in the commands above with one or more basic and/or advanced permissions you want to assign to the user or group from the table below with each permission separated by a comma in.

    For example: icacls "F:\MyFolder" /grant "Brink2":(RX,W) /t /c


    Basic Permissions Description
    N no access
    F full access
    M modify access
    RX read and execute access
    R read-only access
    W write-only access
    D delete access
    Advanced Permissions Description
    DE delete
    RC read control
    WDAC write DAC
    WO write owner
    S synchronize
    AS access system security
    MA maximum allowed
    GR generic read
    GW generic write
    GE generic execute
    GA generic all
    RD read data/list directory
    WD write data/add file
    AD append data/add subdirectory
    REA read extended attributes
    WEA write extended attributes
    X execute/traverse
    DC delete child
    RA read attributes
    WA write attributes

    3. When finished, you can close the command prompt if you like.

    Name:  change_permissions_command.png
Views: 10257
Size:  14.8 KB


    That's it,
    Shawn



  1. Posts : 887
    Windows 10 Home x64 and Pro x86
       23 Nov 2017 #1

    There is one aspect of permissions I have not found an explanation for. There is a difference in behaviour for different categories of folder once permissions have been granted - some permissions have permanent effect whilst others need to be repeated at every access.
    Case 1 - I use my Admin status to give myself access permissions to another user's folders such as C:\Users\Winger\Documents. This new permission has permanent effect.
    Case 2 - I use my Admin status to give myself access permissions to, for example, C:\Program files or C:\Tools** and all their subfolders. This new permission has to be re-granted for each individual access.
    I cannot find the property that determines the difference in behaviour. Do you know anything about this?

    ** C:\Tools [owned by the Administrators group] is where I keep all my batch files, vbs files, vba add-ins, ... so the need for re-granting permissions every time is exactly what I want to protect the contents from unauthorised or accidental changes. It's just that I do not understand why it works.

    Denis
      My ComputerSystem Spec

  2. Brink's Avatar
    Posts : 32,286
    64-bit Windows 10 Pro build 18242
    Thread Starter
       23 Nov 2017 #2

    Hello Denis, :)

    I haven't found it yet either other than having to manually change permissions afterwards.
      My ComputersSystem Spec


  3. Posts : 887
    Windows 10 Home x64 and Pro x86
       23 Nov 2017 #3

    Brink,

    Thanks for such a quick response. If I ever find an answer I'll post it here.

    Denis
      My ComputerSystem Spec

  4. Brink's Avatar
    Posts : 32,286
    64-bit Windows 10 Pro build 18242
    Thread Starter
       23 Nov 2017 #4

    I suppose you could use the context menu in the tutorial below to make it easy to reset the permissions for items back to default.

    Add Reset Permissions to Context Menu in Windows User Accounts Tutorials
      My ComputersSystem Spec


 

Tutorial Categories

Change Permissions of Objects for Users and Groups in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Xbox Windows Phone


Related Threads
Enable or Disable Inherited Permissions for Files and Folders in Windows On NTFS and ReFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders. Every container (ex:...
How to Add or Remove Users from Groups in Windows 10 You can limit the ability of users to perform certain actions by adding or removing the user from being a member of groups. Each group has its own default rights and permissions. When a user is...
Solved No users visible in Local Users and Groups in User Accounts and Family Safety
After forgetting the local administrator password, I followed that guide for offline editing the SAM registry file. This clearly caused a problem, because no I see no users in LUAG as per the attached. All the accounts work fine, except the built-in...
I was able to map a user to a group using the 'netplwiz' command function. However, i need to add a user to more than 1 group but dont know how to achieve this Can anyone help LUSRMGR does not work on my version of Windows as i run the Home...
Solved Show Local users and Groups in User Accounts and Family Safety
Hello, I want to get a list of Local Users and Groups as shown in the first screen shot (taken from the Web). When I run Computer Management as administrator that information is not available under Computer Management > System Tools (second...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 23:16.
Find Us