Re: Using CREATOR GROUP for files/folder
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 07/12/05
- Next message: koolkat: "Re: prevent access to shared folder when not on a domain computer"
- Previous message: Karl Levinson, mvp: "Re: Telnet"
- In reply to: Roger Abell: "Re: Using CREATOR GROUP for files/folder"
- Next in thread: Roger Abell: "Re: Using CREATOR GROUP for files/folder"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 12 Jul 2005 02:42:55 -0500
OK. Thanks for correcting me on that. That will give me something new to
play around with too. --- Steve
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:OHYrmOqhFHA.1164@TK2MSFTNGP10.phx.gbl...
> Actually Steve OP is asking about the Creator Group special principal,
> not Creator Owner, and OP is correct, this is one of the two actual uses
> of the primary group introduced with Whistler versions of OS that are
> actually Windows (i.e. not Posix) usages.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%2388vAajhFHA.2472@TK2MSFTNGP15.phx.gbl...
>> The primary group is used only by the posix subsystem which would not be
>> used in most domains.
>>
>> Creator/owner is a holder. If creator/owner has permissions to a
> file/folder
>> then the owner of the file/folder will receive permissions that are
> assigned
>> to creator/owner rather that the normal permissions the user would
>> receive
>> based on group membership. In other words if the domain users group has
>> read/list/execute/write permissions to a folder and creator/owner has
>> full
>> control and a user creates/writes a new file to that folder and therefore
>> becomes the owner that user will have full control permissions to that
>> le. -- Steve
>>
>>
>>
>> "Vince C." <none@hotmail.com> wrote in message
>> news:pan.2005.07.11.08.43.10.946520@hotmail.com...
>> > Hi.
>> >
>> > We have created user accounts (Active Directory) on our W2K server. It
> is
>> > the main domain controller. Currently the primary group for all users
>> > is
>> > "Domain Users". I'd like to add "CREATOR GROUP" to a group of files on
> the
>> > disk. If I understood correctly that special ID refers to the primary
>> > group of a user.
>> >
>> > If I change the primary group to something else for a user in Active
>> > Directory, will security attributes on files and folders change
>> > accordingly or will the group still be the group the user belonged to
> when
>> > he/she created the file?
>> >
>> > For instance (in sequence):
>> > 1. change user "Frank" primary group (make sure user is not currently
>> > logged on) from "Domain Users" to "Accounting" 2. add "CREATOR GROUP"
>> > to
>> > security.
>> >
>> > Will Frank's files now belong to "Accounting" or "Domain Users"?
>> >
>> > Thanks in advance,
>> > Vince C.
>>
>>
>
>
- Next message: koolkat: "Re: prevent access to shared folder when not on a domain computer"
- Previous message: Karl Levinson, mvp: "Re: Telnet"
- In reply to: Roger Abell: "Re: Using CREATOR GROUP for files/folder"
- Next in thread: Roger Abell: "Re: Using CREATOR GROUP for files/folder"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
