How to Configure Inherited Permissions for Files and Folders in Windows

  • Last updated
How to Configure Inherited Permissions for Files and Folders in Windows blog banner image
  • Last updated

Permissions in Windows determine who can access and modify files. While you can set permissions to individual files and folders, managing permissions in Windows can save you time by automatically passing down permissions from a parent folder to its child objects.

Incorrectly configuring permission configuration can lead to access issues and security risks, so it’s vital for IT experts to understand how access control in Windows. In this guide, we’ll explain how file and folder permissions function and how to configure inherited permissions for files and folders.

What inherited permissions for files and folders in Windows?

In Windows, permission is a rule that controls access to files, folders, and other resources. An inherited permission refers to any permission assigned to a parent object, such as a folder, that automatically passes down to its access to subfolders and files.

The difference between explicit and inherited permissions in Windows

Explicit permissions are directly assigned to an object, such as a specific folder or file. These permissions provide precise control and allow unique settings to be applied to particular resources. For example, if you want only one user or group to have access to a sensitive document, you can apply explicit permissions to that document. However, explicit permissions must be addressed individually, meaning it can be time-consuming to configure them at scale.

On the other hand, inherited permissions create a hierarchical structure that ensures uniform file permissions from the parent object to the child objects. For instance, inherited permissions set at the folder level will apply to the files within, making file management simpler and more efficient.

Benefits of using inherited permissions for files and folders in Windows

  • Consistency

All child objects inherit the permissions of the parent object, ensuring consistent permissions within folders.

  • Streamlines file management

Since changes made at the parent level are applied to child objects, users do not need to manually configure permissions for every child object.

  • Scalability

This makes using inherited permissions ideal for organizations with large file structures or for IT teams managing many Windows devices. Inherited permissions essentially eliminate the need for users to create individual files or folders.

How to view inherited permissions for a folder in Windows

  1. Right-click the file or folder, then select “Properties”.
  2. Navigate to the “Security” tab and click on the button that says “Advanced” to open the advanced security settings window.
  3. You can now see all the file and folder permissions, with a breakdown of which are explicitly assigned and which are inherited.

Step-by-step guide to file permissions in Windows

How to enable and disable inherited permissions for files and folders using Advanced Security Settings

  1. Navigate to the file or folder that you wish to configure inherited permissions for and right-click it.
  2. Go to Properties and click the Security tab.
  3. Click the “Advanced” button, then tap on the “Change permissions” button.
  4. To activate inherited permissions, click “Enable inheritance” to allow the object to follow the parent’s permissions.
  5. To remove inherited permissions, select all the files you wish to configure, then click the “Disable inheritance”. You will then be asked to choose whether to convert inherited permissions to explicit permissions or remove all inherited permissions entirely.
  6. When you’re done, click the “Apply” button, which is located at the lower right of the Windows.

How to configure inherited permissions for files and folders using in Command Prompt

Before using this method, you will need administrator access to open an elevated command prompt.

  1. To enable inheritance for the parent object, you will need to enter the code below. Replace <full path of file or folder> with the path of the file or folder you need to configure.

    icacls “<full path of file or folder>” /inheritance:e

  2. To disable inheritance and convert any inherited permissions into explicit permissions, you will need to enter this command:

    icacls “<full path of file or folder>r” /inheritance:d

  3. If you wish to disable inheritance while also removing all permissions from the child objects, you can enter this command:

    icacls “<full path of file or folder>” /inheritance:r

Troubleshooting inherited permission issues

  • Access denied errors

Check if the user has sufficient permissions for the parent folder. This might be a case of inherited permissions settings being overly restrictive. You will have to adjust the parent folder’s settings until access is appropriately granted.

  • Inherited permissions are not applied to new files

Make sure to tick the box that enables the “Replace all child object permission entries” option. You can find this option by following our guide above on how to view inherited permissions for a folder in Windows.

  • Moving a file to a new folder does not apply inherited permissions

If you moved a file to a new parent folder with inherited permissions enabled, you will need to disable inheritance and then re-enable inheritance for the new location.

Best practices for configuring inherited permissions for files and folders in Windows

1. Use documentation tools

Always record changes to permissions for future reference. Maintaining logs of all file permission modifications helps technicians identify the root cause of permission issues faster.

2. Conduct reviews

Periodically reassess permissions to prevent overly strict or broad permissions. Doing this on a regular basis ensures compliance with security policies and regulatory requirements. You can use PowerShell to automatically check the inheritance permission status of a file or folder:

$folderPath = “<full path of file or folder>”
(Get-Acl -Path $folderPath).Access | Where-Object { $_.IsInherited -eq $true } | Select IdentityReference, FileSystemRights, IsInherited

To do it at scale, you can use third-party IT automation software, such as NinjaOne, which can help you check folder inheritance status by running PowerShell scripts based on conditions, triggers, and intervals.

3. Leverage automation

You can automate repetitive tasks with automation tools, allowing IT professionals to work on more strategic tasks. Use scripts to automate permission assignments, disable inheritance, or check inherited permission status.

4. Apply stricter controls for sensitive data

Save critical and confidential data in a dedicated folder with strict, limited permissions to further minimize the risk of data breaches and other types of cyberattacks.

5. Rely on third-party endpoint management tools

Organizations should consider investing in Windows endpoint management tools, such as NinjaOne. An enterprise-level endpoint management tool enables IT teams to modify permissions more efficiently at scale.

Manage permissions in Windows more efficiently

Inherited permissions simplify managing file permissions and ensure promote consistency. Take control of your permission structures by utilizing an endpoint management solution like NinjaOne.

NinjaOne Windows Endpoint Management provides users with full visibility and control of their Windows devices, allowing them to track file and folder permissions. NinjaOne’s user-friendly dashboard centralizes all the tools you need to monitor, manage, patch, and secure your Windows devices and servers into a single pane of glass. With NinjaOne’s automation tools, IT teams can streamline processes to reduce manual intervention while boosting IT efficiency.

Secure confidential data and critical files at scale with G2’s top choice for endpoint management. See it in action today – get started with a free trial or watch a demo.

FAQs

  • What are inherited permissions, and how do they differ from explicit permissions?

Inherited permissions automatically apply from a parent object, while explicit permissions are manually assigned to individual files or folders.

  • Can inherited permissions be overridden?

Yes, you can follow the steps above to disable inherited permissions. Additionally, you can add explicit permissions to override inherited permissions.

  • How do inherited permissions affect shared folders?

Shared folders, by default, apply inherited permissions to files and sub-folders. Users can manage permissions in Windows to meet specific access needs.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

Start your Free Trial

You might also like

How to Convert GPT Disk to MBR Disk in Windows blog banner image

How to Convert GPT Disk to MBR Disk in Windows 10 and Windows 11

How to Convert NTFS to FAT32 without Data Loss blog banner image

How to Convert NTFS to FAT32 without Data Loss in Windows

How to Change User Rights Assignment Security Policy in Windows blog banner image

How to Change User Rights Assignment Security Policy Settings in Windows 10

How to Configure Narrator in Windows 10 blog banner image

How to Configure Narrator in Windows 10

how to remove a kiosk account with Assigned access in windows blog banner image

How to Set Up or Remove a Kiosk Account with Assigned Access in Windows 10 & 11

How to Add and Remove a Network location in Windows blog banner image

How to Add and Remove a Network Location in Windows 10

Ready to simplify the hardest parts of IT?
Start a Free Trial
Get a demo
×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
I Accept