Modify Plus: Secure NTFS Permission Endpoints
To grant users access to files and folders on Windows drives, admins can use either share permissions or NTFS permissions. NTFS (New Technology File System) is the more common method, though, as it allows a more granular approach to granting permissions. Read on to learn how to use the “Modify Plus“ option to further optimize your NTFS settings and close a security hole in your access structure at the same time.
What Is “Modify Plus”?
In the NT File System, there are six permission sets to choose from: Full Control, Modify, Read & Execute, List Folder Contents, Read and Write. Each of these permission sets contains additional special permissions.
Read our post to learn how to set NTFS permissions correctly and how to avoid the five most common mistakes when doing so.
While these varying levels of access allow admins to adjust permissions for users individually, they do also come with a problem: The permission “Modify” contains the special permission “Delete”.
NTFS Permission “Modify“ Gives Users Power to “Delete“
This means users who have the permission “Modify“ for a folder can also move or delete this folder.
This is a big issue, especially with regard to resources that are shared by several users. Common scenarios include:
Someone intentionally moves Folder A (e.g. a project folder) into Folder B, but not everyone has access to Folder B. Now users who would normally have access to Folder A but not Folder B can no longer access Folder A.
Someone accidentally moves the folder and now no one can find it.
Someone deletes the folder (intentionally or by mistake) and now no one can access it anymore.
Modify Plus: The Alternative
With tenfold, you can replace the permission “Modify“ with the permission “Modify Plus“. Unlike “Modify“, “Modify Plus“ does NOT include the special permission “Delete“. Instead, it contains the special permission “Delete Subfolders and Files“.
This means users who have the permission “Modify Plus” can still modify (and delete) all files and folders contained inside the project folder, but the main folder itself can no longer be deleted or moved.
Watch Our Demo Video to See tenfold in Action!