Re: NTFS creator/owner property and permissions

From: "Andy" <andrew_ihatespamtaylor_mcse@yahooihatespam.com>
Date: Thu, 14 Nov 2002 10:11:28 -0500


To the best of my knowledge, whenever a user creates a file or directory on
an NTFS partition, regardless of whether they have full control or modify
permissions, that user can then modify the permissions of the file or
directory he/she created, because the creator of a file is also the owner.
In NTFS, the owner of a file or directory can always modify the permissions,
regardless of what permissions are already there. In my experience, this
has been the case with both Windows NT 4 and Windows 2000. (I'm not sure
about previous versions of NT.)

Assuming the aforementioned is true, my question is: Is there a way to
somehow disable this feature?

Thanks,
Andy

"Jim Dieff" <jdieffenbacher@promenix.com> wrote in message
news:f54401c28b4b$9339ec10$37ef2ecf@TKMSFTNGXA13...
> If you give the Modify but not Full Control NTFS
> permission, this prevents the ACL from being changed.
>
> >-----Original Message-----
> >Hello,
> >
> >As I'm sure most of you are already aware, when a user creates files and/or
> >directories on an NTFS volume, that user can always modify the permissions
> >of the files and folders he or she has created, due to the fact that he or
> >she is the creator/owner.
> >
> >I am setting up NTFS permissions on a Windows 2000 file server. If
> >possible, I would like to set up the permissions in such a way that a user
> >can create files and subdirectories within a directory but not modify the
> >ACLs on the files and subdirectories he/she creates. Is this possible using
> >the advanced security settings?
> >
> >Thanks all,
> >Andy
> >
> >--
> >[Remove "I hate spam" message from my return address to send e-mail.
> >Otherwise feel free to respond to the newsgroup instead.]
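
Added example, not part of the original thread: a simplified Python model of the Windows access check that shows why an owner can rewrite the ACL even when the DACL grants only Modify. The SIDs for the two users are constructed placeholders, and the model assumes Windows NT 4/2000 semantics, where the owner's implicit READ_CONTROL and WRITE_DAC are granted before the DACL is read.

```python
from dataclasses import dataclass

# Access-right bits as defined in the Windows SDK headers.
READ_CONTROL = 0x00020000
WRITE_DAC    = 0x00040000   # right to change the DACL ("Change Permissions")
WRITE_OWNER  = 0x00080000   # right to take ownership
FILE_MODIFY  = 0x001301BF   # "Modify" in the ACL editor
FILE_ALL     = 0x001F01FF   # "Full Control"

@dataclass
class Ace:
    allow: bool   # True = access-allowed ACE, False = access-denied ACE
    sid: str
    mask: int

def access_check(token_sids, owner_sid, dacl, desired):
    """Simplified model: True if every bit in `desired` is granted."""
    granted = 0
    # Implicit owner rights, applied before any ACE is examined.
    if owner_sid in token_sids:
        granted |= READ_CONTROL | WRITE_DAC
    for ace in dacl:                      # ACEs are evaluated in order
        if desired & ~granted == 0:
            break                         # everything requested is granted
        if ace.sid not in token_sids:
            continue
        if ace.allow:
            granted |= ace.mask
        elif ace.mask & desired & ~granted:
            return False                  # a still-needed bit is denied
    return desired & ~granted == 0

# Constructed sample data: placeholder user SIDs, well-known BUILTIN\Users SID.
USERS = "S-1-5-32-545"
ANDY  = "S-1-5-21-CONSTRUCTED-1001"   # creator, therefore owner
BOB   = "S-1-5-21-CONSTRUCTED-1002"   # another member of Users
DACL  = [Ace(True, USERS, FILE_MODIFY)]  # Modify only, no Full Control

def scenario():
    andy, bob = {ANDY, USERS}, {BOB, USERS}
    return {
        "owner_can_change_acl":     access_check(andy, ANDY, DACL, WRITE_DAC),
        "non_owner_can_change_acl": access_check(bob, ANDY, DACL, WRITE_DAC),
        "non_owner_can_modify":     access_check(bob, ANDY, DACL, FILE_MODIFY),
        "owner_can_take_ownership": access_check(andy, ANDY, DACL, WRITE_OWNER),
        "owner_has_full_control":   access_check(andy, ANDY, DACL, FILE_ALL),
    }

if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

With a Modify-only ACE, the non-owner is refused WRITE_DAC while the owner still gets it, which is the difference between the two posts above.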


