How does the "Full Control" permission differ from manually giving all other permissions?

On Windows Server 2003 - and some other versions of Windows - the Properties > Security tab of a folder's or file's context menu provides "Allow" and "Deny" options for "Full Control," "Modify," "Read" and other permissions:

Sample Windows permission window

After clicking "Full Control," all boxes in the column - except for "Special Permissions" - get automatically checked.

What's the difference between checking "Full Control" and simply checking all the other boxes individually? Are there hidden/advanced permissions toggled by "Full Control" that aren't listed in the main permissions window? Is "Full Control" just a convenience shortcut?


Solution 1:

NTFS Permissions - Full control does provide additional permissions, most notably the ability to modify permissions on the object and take ownership.

Solution 2:

Giving Full Control to a user allows them to change permissions on the object themselves. Giving them everything else will allow them to modify, edit, delete, etc but they cannot change permissions unless they have Full Control or are explicitly granted it in the Advanced section.