Re: Taking ownership of files on remote computer
- From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 9 Jun 2009 11:13:52 -0400
"Matthias Hofmann" <hofmann@xxxxxxxxxxxxxx> wrote in message
news:7977hjF1pqji7U1@xxxxxxxxxxxxxxxxxxxxx
"Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
schrieb im Newsbeitrag news:%23WhbSBH6JHA.1424@xxxxxxxxxxxxxxxxxxxxxxx
A limited admin account is just that, limited. The admin account, which
since it may match, may be assuming that it is the local account of the
remote machine. But I can't verify that because I don't exactly know how
you logged on, was it a mapped drive that you supplied alternate
credentials, or if it prompted you for credentials, the NTLM settings,
etc. However one thing I can see is that it may have assumed it is the
local admin account of the remote machine, but in most cases, it should
have prompted you.
Well first of all, thanks to all of you for your help. I am not a
networking expert, so I am describing everything as precisely as I can:
I am running a home network with two computers with Windows XP
Professional. Both computers belong to the same workgroup, and except for
the problem described, the network runs just fine.
I am calling my primary computer, the one I am working at, "computer A".
The remote computer, where I am logging in and trying to take ownership of
files, is "computer B".
On computer A, I have one account for the administrator, and one limited
user account. I rarely use the admin account, and the limited account is
my personal account, so to speak.
On computer B, I got the same accounts as on computer A, which means that
user names and passwords are identical. The SIDs are different on both
machines, of course.
On computer B, I have two physical hard drives, master and slave. Windows
and all the program and user data is installed on the master drive, while
the slave is exclusively used for backups. The slave drive with the backup
data is shared, so I can access it from computer A. The access permissions
for the shared backup drive are set as follows:
Authenticated Users: Full Control (yes), Change (yes), Read (yes)
Guests: Full Control (no), Change (no), Read (yes)
On the file system level, the access rights for the backup data on
computer B are set in such a way that I can read, but not change them with
my limited user account. I achieved this by adding the limited user
account to the permissions for the backup data on computer B and giving
myself the following access rights:
Full Controll: no
Traverse Folder / Execute File: yes
List Folder / Read Data: yes
Read Attributes: yes
Read Extended Attributes: yes
Create Files / Write Data: no
Create Folders / Append Data: no
Write Attributes: no
Write Extended Attributes: no
Dekete Subfolders and Files: no
Delete: no
Read Permissions: yes
Change Permissions: no
Take Ownership: yes
Please note that beside my limited user account, the only other users or
groups that have access rights for the backup data on computer B are
"Administrators" and "SYSTEM". So when I log into computer B from computer
A with my limited user account, the fact that I can read the backup data
proves that the authentication worked and that I am practically logged in
more or less the same way as I would if I logged in locally.
The only difference seems to be that when I try to take owenership of a
file within the backup data, my user name is displayed as
"COMPUTER_A\Username" rather than "COMPUTER_B\Username" in the
corresponding dialog. But when I remotely log into computer B with my
administrator account and create a file within the backup data, the owner
is set to "COMPUTER_B\Administrator", although it was created by
"COMPUTER_A\Administrator"!
And as I mentioned before, taking file ownership remotely also works fine
with my administrator account. So how come it does not work with my
limited user account?
--
Matthias Hofmann
Anvil-Soft, CEO
http://www.anvil-soft.com - The Creators of Toilet Tycoon
http://www.anvil-soft.de - Die Macher des Klomanagers
I'm nost sure why it is acting differently, but what I can say and know from
experience that the administrator account will work that way but not
non-admin accounts. I used to know of an article explaining the way accounts
are enumerated when connecting over a network and explains the difference in
regards to how the local SAM accounts are enumerated (it's a Rights setting
in Local Policy) that works when the machine is set to Simple Sharing mode
instead of the default Guest mode. If I find it, I'll post it, unless
someone else does before me.
Ace
.
- References:
- Taking ownership of files on remote computer
- From: Matthias Hofmann
- Re: Taking ownership of files on remote computer
- From: Lanwench [MVP - Exchange]
- Re: Taking ownership of files on remote computer
- From: Matthias Hofmann
- Re: Taking ownership of files on remote computer
- From: Ace Fekay [Microsoft Certified Trainer]
- Re: Taking ownership of files on remote computer
- From: Matthias Hofmann
- Taking ownership of files on remote computer
- Prev by Date: Re: Browsing not working accross VLANs
- Next by Date: Re: Server 2505 error
- Previous by thread: Re: Taking ownership of files on remote computer
- Next by thread: Re: Taking ownership of files on remote computer
- Index(es):
Relevant Pages
|
