Re: Forcing Ownership of files
From: Herb Martin (news_at_LearnQuick.com)
Date: 04/29/04
- Next message: Herb Martin: "Re: Group Scope - Which one?"
- Previous message: Enkidu: "Re: Newbie question"
- In reply to:(deleted message) Cameron Biggart: "Re: Forcing Ownership of files"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 29 Apr 2004 05:33:52 -0500
> > Contrary to popular misconception, non-Admins can take ownership
> > without that right IF they have Full Control.
>
> I am adding 'user' with full control to each directory, where 'user' is
> the logon of the user in question. This has fixed the problem as they now
> have explicit permission to do whatever they like with the content of
> thier folder.
That does solve the "access" problem but not the actual one
you requested -- they can also now "manually" take ownership.
> The short answer is becaus the files were copied a couple of years ago
> when I first tuned up here from a Novell server to a Windows 2000 server
> and security wasn't important. Now they are worried about security so
> it's being tightened up - with the obvious consiquences.
Most people set file security rather naively -- setting every file to the
same
value which almost never provides maximum security, and by using "Everyone"
or other "large groups" to give their friends access -- frequently way to
much
access.
Directories and existing files to NOT necessarily need the same permissions.
Remember that "directory" permissions largely set the permissiosn for
NEW files, and that can be entirely difference from existing files with
known
security needs.
-- Herb Martin "Cameron Biggart" <lordwolfcb@hotmail.com> wrote in message news:Xns94DAAAA5FDE6Clordwolfcbinau@207.46.248.16... > "Herb Martin" <news@LearnQuick.com> wrote in > news:uGWzh4ZLEHA.1052@TK2MSFTNGP12.phx.gbl: > > > "Cameron Biggart" <lordwolfcb@hotmail.com> wrote in message > > news:Xns94DA8D2D19ABlordwolfcbinau@207.46.248.16... > >> Hi > >> > >> I know that I can 'take' ownership of a file/folder as administrator > >> but how do I give ownership of a file that was copied from one server > >> to another by administrator back to the person who created it on the > >> original server. I guess I'm asking is there a Windows equivalent of > >> the unix chown command that would set the owner/creator of a file to > >> a specified user. > > > > You usually cannot -- you can give FULL CONTROL to the user and > > let them TAKE ownship. > > > > Contrary to popular misconception, non-Admins can take ownership > > without that right IF they have Full Control. > > I am adding 'user' with full control to each directory, where 'user' is > the logon of the user in question. This has fixed the problem as they now > have explicit permission to do whatever they like with the content of > thier folder. > > [snip] > > >> I need to do this for 80 directories each with multiple > >> subdirectories in > > a > >> 'users' share of the drive. For security I set permissions to > >> 'creator_owner' & 'domain administrators' to 'full control' and > >> removed > > the > >> access for the 'everyone' group but now people are not able to access > > files > >> that don't show them as creator/owner (as would be expected). > > > > > > > You can also use the too SubInAcl.exe from the resource kit to replace > > current owner or permission ACL SIDs. > > > > This sounds like it could work, but I don't have a copy of the Res Kit on > hand so I'll just keep using the method in my first paragraph of answer. > > -- > Cameron > Troll Bridge sponsor #1: bringing Discworld to the Roundworld. > http://www.snowgumfilms.com
- Next message: Herb Martin: "Re: Group Scope - Which one?"
- Previous message: Enkidu: "Re: Newbie question"
- In reply to:(deleted message) Cameron Biggart: "Re: Forcing Ownership of files"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
