Re: Home directory permissions. What to set?



Being Owner of a folder does not confer any access in and of itself.
It does allow that Owner to modify the permissions, or even give
away ownership. However, if there is no NTFS grant to the account
that is Owner that account has no access until permissions are changed.

The grant on the parent of Full to Creator Owner only has impact on
new things that are created by that account. It does not apply to things
owned by some account except in that it says, when some account
creates something (and hence is owner of it) place an NTFS grant on
that new something (in your example of Full) giving this to that account.

The usual form is for the account whose profile it is to exclusively have
a Full control grant, although there is a policy setting that causes the
system to also place a grant to Administrators on new profile dirs.

<g18c@xxxxxxxxxxx> wrote in message
news:1159243631.509866.297590@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi, i have the following setup:

\users


with the permissions on the users directory (i do not inherit
permissions from parent)


Adminstrators: Full control
Authenticated users: Read only (this folder only)
Creater Owner: Full control
System: Full control


Then i set the owner of each sub folder, ie \users\chris owner is set
to c...@xxxxxxxxxxxxxxx


This works well, and seems a simple way of managing the permissions
(owners have access others do not). However is this the recommended way

of setting up permissions for home directories?


I ask because when i set the profile path (under Active Directory Users

and Computers -> user properties) it prompts me to grant full control
for the user to this folder. Is my way not better as it is clearer on
who has access based on the owner, rather than having to add explicit
permissions?


Any advice much appreciated.


Cheers,


Chris



.



Relevant Pages

  • Re: Help - recover deleted Public Folder
    ... public folders can only be deleted by those with "Owner" ... You could make the owner an account that's not commonly used to log ... If you set the permissions for "Default" to be the minimum you want your ... rights to the folder. ...
    (microsoft.public.windows.server.sbs)
  • Re: Share Folder
    ... If an account is granted Full control to something, file or folder, ... and changes the owner of them. ... To make sure that all permissions within an area are just so, ...
    (microsoft.public.windows.server.security)
  • Re: Dont Administrators have access to everything?
    ... folder, which the Limited users getaccess to. ... One of the Administrators is the Owner of nearly every ... the few that can be opened, but I thought the Administrators ... If you're an admin and you take ownership, and you replace permissions, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Nmae of Profile in XP Home
    ... Settings, its name is not Daave, but rather it is still Owner. ... The correct way really is to immediately abandon the Owner profile ... To change the name of your Documents and Settings\UserName folder: ... 1- Log on to your account and use the SET USERPROFILE command to ...
    (microsoft.public.windowsxp.general)
  • Re: Lets talk about ownership!
    ... They will have the same permissions but the permissions are meaningless as there is no user to match. ... According my previous example the user "Terry" has read/write permissions on folder NickData. ... Ownership doesn't really matter as long as you have permissions. ... XP can be configured in Local Security Policy to make the Admin group the owner for files created by admins. ...
    (microsoft.public.windowsxp.general)