Skip to main content
A newer release of this product is available.

vserver security file-directory ntfs create

Suggest changes

Create an NTFS security descriptor

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.


The vserver security file-directory ntfs create command creates an NTFS security descriptor to which you can add access control entries (ACEs) to the discretionary access control list (DACL) and the system access control list (SACL).

Creating an NTFS security descriptor is the first step in configuring and applying NTFS access control lists (ACLs) to files and folders residing within a namespace. Later, you will associate the security descriptor to a policy task.

You can create NTFS security descriptors for files and folders residing within FlexVol volumes with NTFS security-style or on NTFS security descriptors on mixed security-style volumes.

The steps to creating and applying NTFS ACLs are the following:

  • Create an NTFS security descriptor.

  • Add DACLs and SACLs to the NTFS security descriptor.

Note If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding a SACL to the security descriptor.
  • Create a file/directory security policy.

This step associates the policy with a Vserver.
* Create a policy task.

A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
* Apply a policy to the associated Vserver.

The vserver security file-directory ntfs create command is not supported for Vservers with Infinite Volume.