Re: Folder creator owner

I am only aware of tools various companies have written for internal use that unfortunately I am not able to share.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Antoine Auger-Giroux wrote: 
Thank's Joe and Roger,

Roger: It would be great if it was include in further version of windows. When we had to manage security,SOX in mind , everything has to be very strait...

Joe: Does Microsoft had a tool that can do that ? Or mabe a 3rd party tool ?

Thank's again !

Antoine
;)

"Roger Abell [MVP]" wrote:

Joe has answered you.  One must currently provide value-added
code to accomplish this, such as something the is notificed on new
NTFS object creation that then goes in a alters the Owner.
I have proposed years back that we need ability to make container
objects so that new objects either follow the existing rules, or have
owner value inherited from container object.  Regretably all Windows
(NT family) versions still follow only the one, old rule for this.

"Antoine Auger-Giroux" <AntoineAugerGiroux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D37EF714-3DC7-41C8-B4E1-E962D85F1709@xxxxxxxxxxxxxxxx 
Thanks Roger,

Question: Is there a way to define a default owner of folders and files in
Windows 2000 ? Does Windows Server 2003 manage this the same way ?

Our compagny has to be SOX compliance and this situation is causing us
trouble.

Thanks for the help !

Antoine

"Roger Abell [MVP]" wrote:

one must take away owner status to fully control NTFS permissions

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Antoine Auger-Giroux" <AntoineAugerGiroux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:A95C7E4A-1425-4ED2-BA01-315E61FD9389@xxxxxxxxxxxxxxxx 
Hi all,

We have a windows 2000 file server

We recently discover that a Folder Creator Owner could change the folder
permission right. So all our security settings could be over pass by a
owner
who set it's own permission.

question: Is there a way to prevent a Owner of a folder or a file to
change
the permissions of it ? So, still be the owner, but wihtout the
permissions
to change the security settings.


Thanks

Antoine Auger-Giroux 




.

Relevant Pages

  • Re: LookupAccountSID fails on non-Windows machines
    ... > information from files on a network consisting of Windows XP and Linux ... > Explorer can read owner & permission information OK on Linux ...
    (microsoft.public.platformsdk.security)
  • Re: LookupAccountSID fails on non-Windows machines
    ... > information from files on a network consisting of Windows XP and Linux ... > Explorer can read owner & permission information OK on Linux ...
    (microsoft.public.security)
  • Allowing one-way access (write without read)
    ... I used to do this before with prior versions of WIndows ... to allow someone to upload a file to a test FTP site ... The user is either ends up having permission to ... security settings make it sound like it should work. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Rogue Folder
    ... Yep, if you right click the folder and select security, you will ... security settings but that you can take ownership of the directory". ... then owner and set yourself as the owner. ... have to go back and also give yourself permission as well. ...
    (microsoft.public.windows.server.sbs)
  • Re: Folder creator owner
    ... Note that doing this will impact any disk quota stuff you are doing as that is all based off of the owner. ... We recently discover that a Folder Creator Owner could change the folder ... So all our security settings could be over pass by a owner ... who set it's own permission. ...
    (microsoft.public.win2000.security)