Re: questions about the Security tab for a folder's properties




Replies inline
"yawnmoth" <terra1024@xxxxxxxxx> wrote in message
news:57fcaedd-23e6-4c78-a59f-aace0bcb4c71@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I right click on a folder, select Properties from the resultant menu,
> and click on the Security tab (I have Simple File Sharing disabled).
> Here's what I see under Group or user names:
>
> Administrators (COMPUTERNAME\Administrators)
> CREATOR OWNER
> Everyone
> SYSTEM
> Users (NETVISTA\Users)
>
> What do these mean?
>
> Administrators and Everyone are easy enough to figure out - they
> affect the permissions of all Administrative users and all users,
> respectively. But what about the others?

Members of the Administrators group use the Administrators group
permissions.
Every account on the system gets the permissions (at least) of the Everyone
group.

> I assume CREATOR OWNER affects the permissions of whoever created the
> folder. Does it do that user, specifically, or does it do all users
> of your "class" - ie. all Administrators or all Limited Users?

No, it means the specific account which created the entity.

> Also, why not just show the name of the person who created the folder
> or the group they're a part of? That might not be feasible, though,
> if it's supposed to grant the same permissions to the owners of all
> the various subfolders, which might not be the same as the owner of
> the parent folder.

Too much bookkeeping.

> And what about SYSTEM? Why would SYSTEM need to access a folder? At
> first, I thought that maybe it was for tasks scheduled via Windows
> Scheduler, but that can't be it, since Windows Scheduler requires user
> account information to run.

There is no account called SYSTEM. This name is used by Windows XP. And
Windows definitely needs to be able to access all folders and all files.

> And what about Users? If I go to User Accounts in the Control Panel,
> I can create two types of accounts - Computer administrator and
> Limited account. As such, why not say "Limited accounts" instead of
> "Users", assuming that they're even the same thing? Shouldn't the
> names be referred to in a consistent manner?

Computer administrator belongs to the administrators group.
The limited user belongs to the users group. They aren't the same at all.

> I click on the Advanced button and, on the resultant window, click on
> the Effective Permissions tab. I hit the Select... button and see a
> field where I'm supposed to "Enter the object name to select". Isn't
> there always going to be a finite number of possible objects? ie. if
> you only have two accounts, aren't those two going to be the only
> possible objects? As such, why require you manually type it in? Why
> not show all the options that you can choose from?

You do not understand that Windows is a multi-user operating system. In
addition to those two accounts which you created, the installation of XP
creates accounts called NETWORK_SERVICE, LOCAL_SERVICE, and GUEST. There is
also an account which is supposed to be used for remote diagnostics (but
most people disable such an account). If you have installed the .NET
software, the installation will create a special account for this. The
NETWORK_SERVICE account is used by XP, after it is fully booted, to start
those programs involved in the network which do not need administrator
permissions. This is true also of the LOCAL_SERVICE account and the .NET
account. The GUEST account is intended to be used for making connections
using simple file sharing.

The reason for not showing all of the possible accounts is (perhaps)
reducing the amount of space that would be required to post all of the
information.

Jim
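
The five names listed on the Security tab are well-known security principals, and the same list can be read from a folder's DACL in SDDL text form, where an inherit-only CREATOR OWNER entry is a placeholder that child objects inherit with their own owner's SID substituted. The example below is added here and is not part of the original thread; it decodes a constructed SDDL string, and the alias table, rights labels and sample DACL are assumptions chosen for illustration.

```python
import re

# SDDL aliases and well-known SIDs for the five trustees listed in the post.
TRUSTEES = {
    "BA": ("Administrators", "S-1-5-32-544"),
    "CO": ("CREATOR OWNER", "S-1-3-0"),
    "WD": ("Everyone", "S-1-1-0"),
    "SY": ("SYSTEM", "S-1-5-18"),
    "BU": ("Users", "S-1-5-32-545"),
}
RIGHTS = {"FA": "Full control", "GA": "Full control (generic)",
          "0x1301bf": "Modify", "0x1200a9": "Read & execute"}
SCOPE = {  # (OI, CI, IO) inheritance flags -> "Apply onto" scope
    (0, 0, 0): "This folder only", (1, 0, 1): "Files only",
    (1, 1, 0): "This folder, subfolders and files",
    (0, 1, 0): "This folder and subfolders", (0, 1, 1): "Subfolders only",
    (1, 0, 0): "This folder and files",
    (1, 1, 1): "Subfolders and files only",
}

# Constructed sample DACL, not taken from the post or from a real machine.
SAMPLE_SDDL = ("D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;GA;;;CO)"
               "(A;OICI;0x1200a9;;;BU)(A;;0x1200a9;;;WD)")

def parse_dacl(sddl):
    """Return one dict per ACE in the DACL part of an SDDL string."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL with ACEs found")
    entries = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({ace})")
        ace_type, flags, rights, _, _, trustee = fields
        flag_set = set(re.findall("..", flags))  # flags are two-letter codes
        key = tuple(int(f in flag_set) for f in ("OI", "CI", "IO"))
        name, sid = TRUSTEES.get(trustee, (trustee, trustee))  # raw SIDs pass through
        entries.append({
            "trustee": name, "sid": sid,
            "type": {"A": "Allow", "D": "Deny"}.get(ace_type, ace_type),
            "rights": RIGHTS.get(rights, rights), "inherited": "ID" in flag_set,
            "applies_to": SCOPE.get(key, "unusual flag combination"),
        })
    return entries

if __name__ == "__main__":
    for e in parse_dacl(SAMPLE_SDDL):
        print(f"{e['trustee']:<15}{e['type']:<7}{e['rights']:<24}{e['applies_to']}")
```

On a live system the SDDL string for a folder can be obtained with `cacls <folder> /S` or PowerShell's `(Get-Acl <folder>).Sddl` and passed to `parse_dacl` unchanged.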

