NTFS
NTFS is the default Windows file system.
Permissions
F: full access
D: delete access
N: no access
M: modify access
RX: read and execute access
R: read-only access
W: write-only access
icacls
icacls stands for Integrity Control Access Control List.
# check folder's permissions
icacls c:\windows\myfolder
# grant full permissions
icacls c:\windows\myfolder /grant <USER>:f
# remove permissions
icacls c:\users /remove <USER>
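To read what the first command prints, here is an added example (not part of the original notes) that parses icacls output into ACEs, decodes the rights from the table above, and flags entries worth reviewing. The sample output is constructed. The inheritance markers (I), (OI), (CI), (IO), (NP) are what icacls prints but are not listed on this page, and the set of "broad" principals is an assumption of this example.

```python
import re

# Simple rights from the table above.
RIGHTS = {"F": "full access", "M": "modify access", "RX": "read and execute access",
          "R": "read-only access", "W": "write-only access", "D": "delete access",
          "N": "no access"}
# Inheritance markers icacls prints before the rights; (I) means inherited.
INHERIT = {"I", "OI", "CI", "IO", "NP"}
# Assumption for this example: principals treated as "broad".
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
CHANGE = {"F", "M", "W", "D"}  # rights that allow changing or deleting content

ACE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(output, path):
    """Return one dict per ACE in `icacls <path>` output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares a line with the path
        m = ACE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        tokens = re.findall(r"\(([^)]*)\)", m["flags"])
        rights = [r for t in tokens if t not in INHERIT and t != "DENY" for r in t.split(",")]
        aces.append({"who": m["who"], "rights": rights,
                     "inherited": "I" in tokens, "deny": "DENY" in tokens})
    return aces

def risky(aces):
    """Allow ACEs that give a broad principal a change-capable right."""
    return [a for a in aces if a["who"].lower() in BROAD
            and not a["deny"] and CHANGE & set(a["rights"])]

# Constructed sample output, not captured from a real host.
SAMPLE = r"""c:\windows\myfolder NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                    BUILTIN\Administrators:(I)(OI)(CI)(F)
                    BUILTIN\Users:(I)(OI)(CI)(RX)
                    Everyone:(OI)(CI)(M)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for ace in parse_icacls(SAMPLE, r"c:\windows\myfolder"):
        names = ", ".join(RIGHTS.get(r, r) for r in ace["rights"])
        origin = "inherited" if ace["inherited"] else "explicit"
        print(f"{ace['who']}: {names} ({origin})")
    print("review:", [a["who"] for a in risky(parse_icacls(SAMPLE, r"c:\windows\myfolder"))])
```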
NTFS vs Share
NTFS permissions apply to the system where the folder and files are hosted.
Share permissions apply when the folder is accessed through SMB, typically remotely.
Someone logged in locally or via RDP only needs to consider NTFS permissions.
Example
Create a folder, turn it into a share, and review the permissions for htb-student (Figure 1).

Although Everyone has READ access, this does not show below. This is because Windows Defender blocks access from any device that is not joined to the same workgroup, and proper inbound rules must be in place.
smbclient -L <TARGET-IP> -U htb-student
Enter WORKGROUP\htb-student's password:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
My Folder Disk
IPC$ IPC Remote IPC
Once inbound rules are in place, and because the account htb-student is part of the Everyone group, we will be able to inherit its permissions and access the share. We can then create a mount point; this is where the NTFS permissions must be considered alongside share permissions. A grey checkmark means that it was inherited from a parent directory (Figure 2).

sudo mount -t cifs -o username=htb-student,password=Academy_WinFun! //<TARGET-IP>/"My Folder" /home/user/Desktop/
If we check all the shared folders on the system, we will notice that more than just the My Folder share is actually shared. The C:\ directory is shared via SMB at install, which means anyone with proper access could remotely access it!
C:\Users\htb-student> net share
Share name Resource Remark
-------------------------------------------------------------------------------
C$ C:\ Default share
IPC$ Remote IPC
ADMIN$ C:\WINDOWS Remote Admin
My Folder C:\Users\htb-student\Desktop\My Folder
The command completed successfully.