Published by


Brink's Avatar
Administrator

Posts: 25,191

Show Printable Version 


Change Permissions of File, Folder, Drive, or Registry Key for Users and Groups in Windows 10

information   Information
On NTFS and ReFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders.

Every container (ex: folder) and object (ex: file) on the PC has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. The security descriptor is automatically created along with the container or object that is created.

When you are a member of a group (ex: "Administrators") that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control.

Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups. For example, for the file Temp.dat, the built-in Administrators group might be assigned Read, Write, and Delete permissions, while the Backup Operators group might be assigned Read and Write permissions only.

Each assignment of permissions to a user or group is represented in the system as an access control entry (ACE). The entire set of permission entries in a security descriptor is known as a permission set or access control list (ACL). Thus, for a file named Temp.dat, the permission set includes two permission entries, one for the built-in Administrators group and one for the Backup Operators group.

There are two types of permissions: explicit permissions and inherited permissions.
  • Explicit permissions are those that are set by default on non-child objects when the object is created, or by user action on non-child, parent, or child objects.
  • Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.
    • Inherited Deny permissions do not prevent access to an object if the object has an explicit Allow permission entry.
    • Explicit permissions take precedence over inherited permissions, even inherited Deny permissions.

By default, objects within a container inherit the permissions from that container when the objects are created. For example, when you create a folder called MyFolder, all subfolders and files created within MyFolder automatically inherit the permissions from that folder. Therefore, MyFolder has explicit permissions, while all subfolders and files within it have inherited permissions.

Name:  Explicit_and_Inherited_permissions.jpg
Views: 1720
Size:  78.6 KB


This tutorial will show you how to change permissions of a file, folder, drive, or registry key to allow or deny access for users and groups in Windows 10.


CONTENTS:
  • Option One: To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Security Settings
  • Option Two:To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings
  • Option Three: To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Security Settings
  • Option Four: To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings
  • Option Five: To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Security Settings
  • Option Six: To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Advanced Security Settings
  • Option Seven: To Change Permissions for User or Group of File, Folder, or Drive in Command Prompt





Change Permissions of Objects for Users and Groups in Windows 10 OPTION ONE Change Permissions of Objects for Users and Groups in Windows 10
To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Security Settings

1. Perform one of the following actions for what you want to do:

A) Right click or press and hold on a registry key, and click/tap on Permissions.

OR

B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties. Click/tap on the Security tab, and click/tap on the Edit button. (see screenshot below)

Name:  Add_user_or_group_permissions-1.png
Views: 1721
Size:  29.7 KB
Note   Note
If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
Name:  Need_to_take_ownership-1.png
Views: 1721
Size:  16.4 KB

2. Click/tap on the Add button. (see screenshot below)

Name:  Add_user_or_group_permissions-2.png
Views: 1727
Size:  23.7 KB

3. Click/tap on the Advanced button. (see screenshot below)

Name:  Add_user_or_group_permissions-2.png
Views: 1727
Size:  23.7 KB

4. Click/tap on the Find Now button, select the name of the user or group (ex: "Brink2") you want to add, and click/tap on OK. (see screenshot below)
Note   Note
If you like, you can press and hold the Ctrl key to select more than one user and/or group to add.


Name:  Add_user_or_group_permissions-4.png
Views: 1714
Size:  56.1 KB

5. Click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions-5.png
Views: 1725
Size:  19.5 KB

6. Select the added user or group, check the Allow or Deny boxes for the permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on Apply. When finished, click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions-6.png
Views: 1712
Size:  33.8 KB

7. Click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 1719
Size:  28.0 KB





Change Permissions of Objects for Users and Groups in Windows 10 OPTION TWO Change Permissions of Objects for Users and Groups in Windows 10
To Add User or Group and Set Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings

1. Perform one of the following actions for what you want to do:

A) Right click or press and hold on a registry key, and click/tap on Permissions.

OR

B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties.

2. Click/tap on the Security tab, and click/tap on the Advanced button. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-1.png
Views: 1723
Size:  29.9 KB

3. Click/tap on the Add button. (see screenshot below)
Note   Note
If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
Name:  Need_to_take_ownership-2.jpg
Views: 1717
Size:  43.1 KB

Name:  Add_user_or_group_permissions_Advanced-2.jpg
Views: 1713
Size:  67.0 KB

4. Click/tap on the Select a principal link. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-3.jpg
Views: 1705
Size:  33.0 KB

5. Click/tap on the Advanced button. (see screenshot below)

Name:  Add_user_or_group_permissions-2.png
Views: 1727
Size:  23.7 KB

6. Click/tap on the Find Now button, select the name of the user or group (ex: "Brink2") you want to add, and click/tap on OK. (see screenshot below)
Note   Note
If you like, you can press and hold the Ctrl key to select more than one user and/or group to add.


Name:  Add_user_or_group_permissions-4.png
Views: 1714
Size:  56.1 KB

7. Click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions-5.png
Views: 1725
Size:  19.5 KB

8. Select Allow or Deny in the Type drop menu for the type of permissions you want to change. (see screenshots below step 10)

9. If this is for a folder, drive, or registry key, then select what you want in the Applies to drop menu for how the permissions will be applied. (see screenshots below step 10)

10. Check or uncheck the Basic permissions or Advanced permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on OK. (see screenshots below)

Name:  Add_user_or_group_permissions_Advanced-7a.jpg
Views: 1708
Size:  48.2 KB Name:  Add_user_or_group_permissions_Advanced-7b.jpg
Views: 1714
Size:  57.0 KB
Name:  Add_user_or_group_permissions_Advanced-8a.jpg
Views: 1719
Size:  67.9 KB Name:  Add_user_or_group_permissions_Advanced-8b.jpg
Views: 1716
Size:  76.9 KB
Name:  Add_user_or_group_permissions_Advanced-9a.jpg
Views: 1711
Size:  64.5 KB Name:  Add_user_or_group_permissions_Advanced-9b.jpg
Views: 1719
Size:  71.5 KB

11. When finished, click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-10.jpg
Views: 1704
Size:  71.9 KB

12. Click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 1719
Size:  28.0 KB





Change Permissions of Objects for Users and Groups in Windows 10 OPTION THREE Change Permissions of Objects for Users and Groups in Windows 10
To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Security Settings

1. Perform one of the following actions for what you want to do:

A) Right click or press and hold on a registry key, and click/tap on Permissions.

OR

B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties. Click/tap on the Security tab, and click/tap on the Edit button. (see screenshot below)

Name:  Remove_user_or_group_permissions-1.png
Views: 1705
Size:  31.8 KB
Note   Note
If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
Name:  Need_to_take_ownership-1.png
Views: 1721
Size:  16.4 KB

2. Select the user or group (ex: "Brink2") you want to remove, and click/tap on the Remove button. (see screenshot below)
Note   Note
If this is an inherited user or group, then you will get the error message below.

In this case, you would need to go to the parent ("Inherited from" source) of this file, folder, drive, or registry key, and remove this user or group from the parent's security settings instead.
Name:  Can't_remove.png
Views: 1711
Size:  16.0 KB

Name:  Remove_user_or_group_permissions-2.png
Views: 1702
Size:  29.4 KB

3. When finished, click/tap on OK. (see screenshot below)

Name:  Remove_user_or_group_permissions-3.png
Views: 1707
Size:  24.3 KB

4. Click/tap on OK. (see screenshot below)

Name:  Remove_user_or_group_permissions-4.png
Views: 1708
Size:  27.1 KB





Change Permissions of Objects for Users and Groups in Windows 10 OPTION FOUR Change Permissions of Objects for Users and Groups in Windows 10
To Remove User or Group from Permissions for File, Folder, Drive, or Registry Key in Advanced Security Settings

1. Perform one of the following actions for what you want to do:

A) Right click or press and hold on a registry key, and click/tap on Permissions.

OR

B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties.

2. Click/tap on the Security tab, and click/tap on the Advanced button. (see screenshot below)

Name:  Remove_user_or_group_advanced_permissions-1.png
Views: 1697
Size:  28.0 KB

3. Select the user or group (ex: "Brink2") you want to remove, and click/tap on the Remove button. (see screenshot below)
Note   Note
If this is an inherited user or group, then you will get the error message below.

In this case, you would need to go to the parent ("Inherited from" source) of this file, folder, drive, or registry key, and remove this user or group from the parent's advanced security settings instead.
Name:  Can't_remove.png
Views: 1711
Size:  16.0 KB
If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
Name:  Need_to_take_ownership-2.jpg
Views: 1717
Size:  43.1 KB

Name:  Remove_user_or_group_advanced_permissions-2.jpg
Views: 1701
Size:  80.1 KB

4. When finished, click/tap on OK. (see screenshot below)

Name:  Remove_user_or_group_advanced_permissions-3.jpg
Views: 1702
Size:  73.0 KB

5. Click/tap on OK. (see screenshot below)

Name:  Remove_user_or_group_permissions-4.png
Views: 1708
Size:  27.1 KB





Change Permissions of Objects for Users and Groups in Windows 10 OPTION FIVE Change Permissions of Objects for Users and Groups in Windows 10
To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Security Settings

1. Perform one of the following actions for what you want to do:

A) Right click or press and hold on a registry key, and click/tap on Permissions.

OR

B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties. Click/tap on the Security tab, and click/tap on the Edit button. (see screenshot below)

Name:  Add_user_or_group_permissions-1.png
Views: 1721
Size:  29.7 KB
Note   Note
If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
Name:  Need_to_take_ownership-1.png
Views: 1721
Size:  16.4 KB

2. Select a user or group (ex: "Brink2") you want to change permissions for, check the Allow or Deny boxes for the permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on Apply. When finished, click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions-6.png
Views: 1712
Size:  33.8 KB

3. Click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 1719
Size:  28.0 KB





Change Permissions of Objects for Users and Groups in Windows 10 OPTION SIX Change Permissions of Objects for Users and Groups in Windows 10
To Change Permissions for User or Group of File, Folder, Drive, or Registry Key in Advanced Security Settings

1. Perform one of the following actions for what you want to do:

A) Right click or press and hold on a registry key, and click/tap on Permissions.

OR

B) Right click or press and hold on a file, folder, or drive, and click/tap on Properties.

2. Click/tap on the Security tab, and click/tap on the Advanced button. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-1.png
Views: 1723
Size:  29.9 KB

3. Select a user or group (ex: "Brink2") you want to change permissions for, and click/tap on the Edit button. (see screenshot below)
Note   Note
If this is an inherited user or group, then you will see a View button instead of an Edit button.

In this case, you would need to go to the parent ("Inherited from" source) of this file, folder, drive, or registry key, and change permissions of this user or group from the parent's advanced security settings instead.

If you see this below instead, then it means you will need to take ownership of this file, folder, drive, or registry key first, and try again.
Name:  Need_to_take_ownership-2.jpg
Views: 1717
Size:  43.1 KB

Name:  Change_permissions_Advanced-1.jpg
Views: 1694
Size:  76.1 KB

4. Select Allow or Deny in the Type drop menu for the type of permissions you want to change. (see screenshots below step 6)

5. If this is for a folder, drive, or registry key, then select what you want in the Applies to drop menu for how the permissions will be applied. (see screenshots below step 6)

10. Check or uncheck the Basic permissions or Advanced permissions you want to assign to this user or group for this file, folder, drive, or registry key, and click/tap on OK. (see screenshots below)

Name:  Add_user_or_group_permissions_Advanced-7a.jpg
Views: 1708
Size:  48.2 KB Name:  Add_user_or_group_permissions_Advanced-7b.jpg
Views: 1714
Size:  57.0 KB
Name:  Add_user_or_group_permissions_Advanced-8a.jpg
Views: 1719
Size:  67.9 KB Name:  Add_user_or_group_permissions_Advanced-8b.jpg
Views: 1716
Size:  76.9 KB
Name:  Add_user_or_group_permissions_Advanced-9a.jpg
Views: 1711
Size:  64.5 KB Name:  Add_user_or_group_permissions_Advanced-9b.jpg
Views: 1719
Size:  71.5 KB

7. When finished, click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-10.jpg
Views: 1704
Size:  71.9 KB

8. Click/tap on OK. (see screenshot below)

Name:  Add_user_or_group_permissions_Advanced-11.png
Views: 1719
Size:  28.0 KB





Change Permissions of Objects for Users and Groups in Windows 10 OPTION SEVEN Change Permissions of Objects for Users and Groups in Windows 10
To Change Permissions for User or Group of File, Folder, or Drive in Command Prompt

Note   Note
For more options on the icacls command, see: Icacls - Microsoft TechNet


1. Open a command prompt or elevated command prompt depending on your permission level for this file, folder, or drive.

2. Type the command you need below into the command prompt, and press Enter. (see screenshot below step 3)

(Apply to this file only)
icacls "full path of file" /grant "user or group":(permissions)

OR

(Apply to this folder only)
icacls "full path of folder" /grant "user or group":(permissions)

OR

(Apply to this folder, subfolder and files)
icacls "full path of folder" /grant "user or group":(permissions) /t /c

OR

(Apply to this drive only)
icacls "drive letter:" /grant "user or group":(permissions)

OR

(Apply to this drive, subfolder and files)
icacls "drive letter:" /grant "user or group":(permissions) /t /c

Note   Note
Substitute full path of file in the command above with the actual full path of the file with extension (ex: "F:\MyFolder\Lock.png") you want to change permissions for.

Substitute full path of folder in the commands above with the actual full path of the folder (ex: "F:\MyFolder") you want to change permissions for.

Substitute drive letter in the commands above with the actual drive letter (ex: "F") you want to change permissions for.

Substitute user or group in the commands above with the name of the user or group (ex: "Brink2") you want to change permissions for.

Substitute permissions in the commands above with one or more basic and/or advanced permissions you want to assign to the user or group from the table below with each permission separated by a comma in.

For example: icacls "F:\MyFolder" /grant "Brink2":(RX,W) /t /c


Basic Permissions Description
N no access
F full access
M modify access
RX read and execute access
R read-only access
W write-only access
D delete access
Advanced Permissions Description
DE delete
RC read control
WDAC write DAC
WO write owner
S synchronize
AS access system security
MA maximum allowed
GR generic read
GW generic write
GE generic execute
GA generic all
RD read data/list directory
WD write data/add file
AD append data/add subdirectory
REA read extended attributes
WEA write extended attributes
X execute/traverse
DC delete child
RA read attributes
WA write attributes

3. When finished, you can close the command prompt if you like.

Name:  change_permissions_command.png
Views: 1703
Size:  14.8 KB


That's it,
Shawn