Inheritance for users and groups in Windows

If we are learning with a deep dive in Windows OS or have already worked and work with managing users and groups, we already know how essential the Windows users and group management is for the Windows OS. As a matter of fact, this is true and applied in every OS out there. This is not so much of a concern for the systems used at home or other private places as much as it is for big organisations or corporations.

Let us look at one other important aspect of Windows users and group management, called Inheritance.

What is inheritance for operational systems?

Inheritance is basically the level of authorisation or permission a child inherits. What is this child and parental talk? Basically, in the world of Computer Science, a parent and child are basically a tree structure that we use a lot. For our purpose to keep it short, a parent is referred to a folder and a child is referred to all the files and documents, folders residing within this parent folder.

So, inheritance is the kind of permission all of these children get which is inherited by the NTFS permission set on the parent folder. So basically, it goes in the following way. If you move a file inside a folder, and that folder has its NTFS permission set to Read and Execute, this new file that is moved into this folder will automatically inherit such a permission.

Configuration of inheritance

So, where do you can configure these inheritance stuff?  Well, you right click on the folder, select properties and then go to the security tab. From there, look for advance button. You will see, there is a button that says disable inheritance. Clicking this button will pop up two more option like “What would you like to do with the current inherited permissions? ”

Under this, there are two options such as “convert inherited permissions into explicit permissions on this object” and “Remove all inherited permissions from this object”. Choose your option wisely and make sure you really know what you are doing.

It is highly advised that you do not mess with inheritance and it is a good thing, unless you really need to change the inheritance for any purpose. There is another way you can deny the existing inheritance. This is quite easy.

Go to the folder properties and get to the security tab again. Now, at the bottom you will see most of the permissions here are greyed out. This is because of the inheritance factor we have been talking about. You simply click the edit button and deny the permissions you want to deny for any specific users or groups. Doing this confirms and overrides the default NTFS permission inheritance. Then again, do this if you really have to do this. This kind of activities are rarely needed for any purposes.