Re: Administrators do not have Owner Permissions

From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
Date: Wed, 16 Aug 2006 06:56:21 -0700

An object has a single owner, although this can be the administrators group.
The objects came into the ownership of those users when they were created,
which is the only behavior or new NTFS objects in W2k3 R2 and prior.
If the storage is being moved within a domain you could just use a backup
and restore with permissions, and you would not need to take ownership.
Otherwise, consider taking ownership, leaving existing permissions in place,
and then, at the top adding an inheritable grant to administrators (which
may
need to be redone at lower lavels if/where there are new inheritance points
defined to block inheritance from above).

"thorpen" <thorpen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:395921DB-C10F-4312-9CD2-7D7F6C36975A@xxxxxxxxxxxxxxxx

This appears to work - however I would like to just add Domain Admins as
the
owner and leave all the exisiting permissions there??

"Miha Pihler [MVP]" wrote:

Hi,

In this document Managing Existing Shares
http://www.microsoft.com/technet/archive/winntas/deploy/confeat/10wntpcb.mspx?mfr=true
under Managing Directory and File Permissions > Taking Ownership of Files
there are step-by-step instructions on how to take ownership of the
files.

There is also command line tool called Takeown. Its use is described here

How to Use the TakeOwn Utility to Manage Shares in Windows NT 4.0
http://support.microsoft.com/default.aspx?scid=kb;en-us;269269

Note: this will remove any current permissions from files and folders.

--
Mike
Microsoft MVP - Windows Security

"thorpen" <thorpen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:768700F2-7A26-46E6-9F2D-B9BDAE5FB38F@xxxxxxxxxxxxxxxx

We are trying to migrate data from our old NT 4 servers to new 2003 AD
servers. Whilst copying data we have come across some directories that
have
been created by users that have had the ownership changed. They have
removed
the Administrator account and just left their own name as the owner.
This
means that we are unable to copy their data.

Is there some command line tool I can run against all files and folders
to
add Addministrators as the Owner?

References:
- Re: Administrators do not have Owner Permissions
  - From: Miha Pihler [MVP]

Prev by Date: Re: Administrators do not have Owner Permissions
Next by Date: Re: NTFS Permissions
Previous by thread: Re: Administrators do not have Owner Permissions
Index(es):
- Date
- Thread

Relevant Pages

Re: Adding XP in another partition users into Vi$ta
... If Windows didn't support some mechanism for allowing a group of users to set the owner on a file, the Windows backup program could not correctly restore backups. ... If that were possible, an unscrupulous user could take ownership, do something wrong, and then cover his tracks by giving ownership to someone else. ... It is true that a program can write new information in the Owner field of an objects security descriptor if the process has WRITE_OWNER access to the object, but WRITE_OWNER access permits the caller to change ownership only to the user SID in the callers access token or, if the user is a member of the Administrators group, to the Administrators SID. ... When logged in as a standard user, when you elevate you are logging in with the credentials you supply to the elevation prompt and the elevated program is running under those credentials. ...
(microsoft.public.windows.vista.security)
Re: Adding XP in another partition users into Vi$ta
... "The Owner tab shown in Figure 12.19 has no option for giving ownership ... Administrators group, to the Administrators SID. ... When logged in as a standard user, when you elevate you are logging ...
(microsoft.public.windows.vista.security)
Re: Dont Administrators have access to everything?
... folder, which the Limited users getaccess to. ... One of the Administrators is the Owner of nearly every ... the few that can be opened, but I thought the Administrators ... If you're an admin and you take ownership, and you replace permissions, ...
(microsoft.public.windowsxp.security_admin)
Re: Control over creation of procs & views owned by dbo
... To add on to Jasper's response, you could also change object ownership to ... 'dbo' with sp_changeobjectowner. ... security context of the invoking user, not the object owner. ... need permissions on only directly referenced objects. ...
(microsoft.public.sqlserver.security)
Folder ownership/permissions
... Owner is set to Administrators ... permissions and just have everything accessible to ... >> under the permissions tab, ...
(microsoft.public.windowsxp.security_admin)