1 / 4

Understanding Ownership

Understanding Ownership. Ownership Every folder and file on an NTFS partition of a Windows 2008 server has an owner The person who creates the file is the owner The owner can always access the file/folder The owner can always change its permissions

norah
Download Presentation

Understanding Ownership

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Understanding Ownership • Ownership • Every folder and file on an NTFS partition of a Windows 2008 server has an owner • The person who creates the file is the owner • The owner can always access the file/folder • The owner can always change its permissions • This is true even if they’ve been removed from the security tab. Because they own it they can simply add themselves to the security tab! • Administrators can take ownership of any file or folder • This is useful in a situation where the file is not otherwise accessible – i.e, user who created the file had previously removed administrators from the security tab and that user has been deleted • Any user who has the special NTFS Change Permission or the special NTFS Take Ownership permission to a file or folder can take ownership of that file or folder

  2. Viewing and Taking Ownership • Viewing Ownership • View file or folder ownership of a file or folder from the Owner tab in the advanced security settings of the file/folder properties • Properties of file or folder /Security / Advanced / Owner • TakingOwnership • Take ownership of a file or folder from the Owner tab in the advanced security settings of the file/folder properties • Properties of file or folder / Security / Advanced / Owner /Edit • Select a new owner from the Change Owner to Box or add a new user to the list and select that new user (add a new user or group by using the Other Users or Groups button) • Use the Replace Owners on Subcontainers and Objects with caution. • Taking ownership does not automatically add the owner to the file/folder’s ACL. • Example: If an administrator has no permissions to a file or folder he/she can take ownership of the file/folder but administrators are not automatically added to the security tab of that file or folder – the new entry must be added.

  3. Replace Owners on Subcontainers and ObjectsWhen should you use it?  Replace Owners on Subcontainers and Objects checkbox • If the user who owns the folder/file no longer needs access to the folder, then when the administrator takes ownership of the folder, this option should be selected. • The process: • Select the Administrators group as the new owner and select the Replace Owners on Subcontainers and objects. • Click OK and answer yes to the prompt regarding giving full control • This will remove all entries from the folder’s ACL and it will add Administrators with full control. The original owner will lose access to the folder and all its contents.

  4. Replace Owners on Subcontainers and ObjectsWhen should you use it?  Replace Owners on Subcontainers and Objects checkbox • If the user who owns the folder/file still needs access to the folder, do not select this option. When you don’t select this option you will be the new owner but the ACL will remain in tact; which means you still won’t have permissions to the folder but since you now own it you can give yourself permission. If the goal is for the administrator and the original owner to have access to the folder, you must reconfigure the security on the folder. • Process: • After taking ownership of the parent folder (without replacing owners on subcontainers), add the Administrators group to the parent folder’s ACL with full control • Write down all other entries that exist on the ACL of the folder • Go back to the Owners tab for the parent folder and this time check off the Replace Owners on Subcontainers” check box and answer yes to the question regarding replacing directory permissions with permissions grating you full control. • Go back to the ACL for the folder and confirm add the entries that you wrote down above. You chould also check child files/folders and note that only Administrators exist on child file/folder ACLs. • To force the parent permissions to all child files and folders, go to the Advanced Security tab of the parent folder and check off the check box for Replace permission entries on all child objects with entries shown here…. Answer yes to the warning.

More Related