Controlling Access to Files and Folders

On NTFS volumes, you can set permissions on files and folders that specify which groups and users have access to them, and what level of access is permitted. NTFS file and folder permissions apply both to users working at the computer where the file is stored and to users accessing the file over the network when the file is in a shared folder. With NTFS you can also set share permissions, which operate on shared folders in combination with file and folder permissions.

Note

To preserve permissions when you copy or move files between NTFS folders, use the Scopy program on the Windows NT Server Resource Kit CD.

With FAT volumes, you cannot set any permissions on the individual files and folders. The only security available is share permissions, which are set on the entire share, affect all files and folders on that share, and take effect only over the network. Once a folder is shared, you can protect the shared folder by specifying one set of share permissions that applies to users for all files and subfolders of the shared folder. Share permissions are set in much the same way as NTFS file and folder permissions, but because share permissions apply globally to all files and folders in the share, they are significantly less versatile than the file and folder permissions used for NTFS volumes.

Share permissions apply equally to NTFS and FAT volumes. They are enforced by Windows NT, not the individual file system.
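The following model is an added example, not part of the original documentation. It shows how the two layers combine for local and network access on NTFS and FAT. It assumes the standard Windows rules that a network request must be allowed by both the share permissions and the NTFS permissions, that grants accumulate across a user's groups, and that No Access overrides every grant. The rights set, function names and sample accounts are hypothetical simplifications.

```python
from enum import IntFlag

class Right(IntFlag):
    READ = 1
    WRITE = 2
    DELETE = 4
    CHANGE_PERMISSIONS = 8

# Simplified permission levels (assumption: a coarse model of the named levels).
NONE = Right(0)
READ = Right.READ
CHANGE = Right.READ | Right.WRITE | Right.DELETE
FULL = CHANGE | Right.CHANGE_PERMISSIONS
NO_ACCESS = "NO_ACCESS"  # explicit denial, overrides every grant

def granted(acl, principals):
    """Rights an ACL gives a user: grants accumulate across the user's
    principals, but a single No Access entry removes everything."""
    total = NONE
    for name in principals:
        entry = acl.get(name)
        if entry == NO_ACCESS:
            return NONE
        if entry is not None:
            total |= entry
    return total

def effective_access(file_system, over_network, share_acl, file_acl, principals):
    # Share permissions are checked only for requests arriving over the network.
    share_part = granted(share_acl, principals) if over_network else FULL
    # Only NTFS stores file and folder permissions; FAT has nothing to check.
    file_part = granted(file_acl, principals) if file_system == "NTFS" else FULL
    # Both layers must allow a right for the request to succeed.
    return share_part & file_part

# Constructed sample: one share, one user who belongs to two groups.
USER = ["alice", "Everyone", "Accounting"]
SHARE_ACL = {"Everyone": FULL}
FILE_ACL = {"Accounting": READ, "Administrators": FULL}

if __name__ == "__main__":
    for fs in ("NTFS", "FAT"):
        for net in (True, False):
            where = "network" if net else "local"
            print(fs, where, repr(effective_access(fs, net, SHARE_ACL, FILE_ACL, USER)))
```

In this model a user logged on locally to a FAT volume is not restricted by any permission check, which is why a share ACL alone does not protect data on a machine that allows interactive logon.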

Chapter 4, "Managing Shared Resources and Resource Security," in the Windows NT Server Concepts and Planning book, contains several sections that describe setting and using file and folder permissions on FAT and NTFS volumes.