Individual permissions granted or denied when NTFS file system standard permissions are not sufficiently granular for specific security purposes. The special permissions available depend on whether you are securing files or folders. In both cases, 14 special permissions are available; 10 of these are common to the two scenarios. The following tables list the various NTFS special permissions available in Microsoft Windows 2000.
| Special Permission | User Access Granted |
| read attributes | View the attributes (including read-only, hidden, system, and archive) of the file or folder |
| read extended attributes | View custom attributes that can be defined by certain applications for the file or folder |
| write attributes | Modify the attributes of the file or folder |
| write extended attributes | Modify custom attributes that can be defined by certain applications for the file or folder |
| delete subfolders and files | Delete subfolders or files |
| delete | Delete the file or folder; however, even if this permission is denied on a file, you can delete it if its parent folder has been granted delete subfolders and files permission |
| read permissions | View the permissions on the file or folder |
| change permissions | Modify the permissions on the file or folder |
| take ownership | Take ownership of the file or folder |
| synchronize | Lets threads in multithreaded programs wait on the file or folder handle and synchronize with another thread that signals it |
| Special Permission | User Access Granted |
| execute file | Execute the file |
| read data | Read the file |
| write data | Modify the file |
| append data | Append to the file (but not modify existing data) |
| Special Permission | User Access Granted |
| traverse folder | Drill down to other files and folders in the folder even if you have no permissions on intermediate subfolders |
| list folder | View the names of subfolders and files in the folder |
| create files | Create files in the folder |
| create folders | Create subfolders within the folder |
You can grant or deny special permissions by using the Advanced button on the Security tab of a file’s or folder’s property sheet. You can select different combinations of special permissions to create custom sets of permissions for special purposes. In most cases, however, it is simplest to use NTFS standard permissions for securing files and folders. If you use special permissions, Windows 2000 gives you a lot of flexibility in how you can apply them, especially if you are applying them to a folder. For example, you can apply a custom set of special permissions to
To use special permissions you must be the object’s owner, have full control of the object, or be a member of the Administrators group.
There are significant differences between NTFS special permissions for Windows 2000 and for Windows NT. The most obvious difference is that in Windows 2000 you can assign any of 14 special permissions, but in Windows NT you have 6 special permissions to choose from: read (R), write (W), execute (X), delete (D), change permission (P), and take ownership (O). The reason for this difference is that in Windows NT much of the machinery of NTFS is hidden from the user interface, while in Windows 2000 this machinery is exposed in the user interface.