Sign in with
Sign up | Sign in
Your question

NTFS ownership queestion

Last response: in Windows XP
Share
Anonymous
February 24, 2005 4:45:11 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

When a user creates a file who is a member of the administrators group, thet
administrators group becomes the owner of the file. Why isn't it the actually
user account? Is there anyway to change it the way it works for power users,
where, if a user is a member of the power users group, the account becomes
the owner rather than the power users group.

Thanks
Anonymous
February 27, 2005 3:49:43 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

GCCC wrote:
> When a user creates a file who is a member of the administrators
> group, thet administrators group becomes the owner of the file. Why
> isn't it the actually user account?

This behavior can be changed by "Security Options" -> "System Objects:
Default Owner for objects created by members of the Administrators group"
option in local security policy (or group policy computer settings, if you
are a member of a domain).

A good reason to use this option in a business setting is that there may be
several administrators (IT staff) who may come and go over time, who install
programs and create shared resources that may outlast them and their
accounts (when they leave). Having things owned by a built-in group insures
all administrators have equal access and helps avoid "abandoned" ownership.

--
Chris Priede (priede@panix.com)
Anonymous
February 28, 2005 10:39:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Chris - thanks for the info

"Chris Priede" wrote:

> GCCC wrote:
> > When a user creates a file who is a member of the administrators
> > group, thet administrators group becomes the owner of the file. Why
> > isn't it the actually user account?
>
> This behavior can be changed by "Security Options" -> "System Objects:
> Default Owner for objects created by members of the Administrators group"
> option in local security policy (or group policy computer settings, if you
> are a member of a domain).
>
> A good reason to use this option in a business setting is that there may be
> several administrators (IT staff) who may come and go over time, who install
> programs and create shared resources that may outlast them and their
> accounts (when they leave). Having things owned by a built-in group insures
> all administrators have equal access and helps avoid "abandoned" ownership.
>
> --
> Chris Priede (priede@panix.com)
>
>
>
!