How do you remove creator/owner? Thanks, Terri
James Winzenz said the following on 1/13/2010 9:06 AM: > This is what we do - we remove Creator/Owner when the server is set > up, don't have to worry about it after that. > > Thanks, > > James Winzenz > > > > > ------------------------------------------------------------------------ > Date: Wed, 13 Jan 2010 08:41:33 -0500 > Subject: Re: Users Setting NTFS Permissions > From: [email protected] > To: [email protected] > > That's because the parent folder has creator/owner permissions and any > newly created folder is inheriting the permission from the parent.. > In my FS where I've removed creator/owner from the parentI don't see > this behavior. > > On Wed, Jan 13, 2010 at 8:20 AM, James Rankin <[email protected] > <mailto:[email protected]>> wrote: > > I normally just give the groups RWXD, but the Creator Owner > privilege appears by default on newly created folders. Without > removing the ability to create folders and/or run subinacl scripts > to take ownership, I find removing the GUI to change the > permissions is the easiest option. > > 2010/1/13 Jonathan Link <[email protected] > <mailto:[email protected]>> > > Isn't that just obfuscation? I thought the ability to change > permissions was granted by the Full Control right. If that's > the case, pull Creator/Owner Full control from your file > system and reassign permissions accordingly. > > > On Wed, Jan 13, 2010 at 7:11 AM, James Rankin > <[email protected] <mailto:[email protected]>> wrote: > > Prevent access to the rshx32.dll file on all your > workstations and servers to Administrators and System > only. You can do this with a GPO. The user can't access > the security tab then and can't change permissions. Unless > they know how to use cacls. You could lock the permissions > on that file as well through Group Policy. > > 2010/1/13 Terri Esham <[email protected] > <mailto:[email protected]>> > > We have a Windows 2008 Domain whereby we control > access to folders > stored on one of the domain controllers through Active > Directory > groups. When a new folder is created on the network > file server, we > grant full permissions to the associated active > directory group with the > exception of the ability to set and change permissions. > > We just discovered that a user can grant permissions > to any folder that > they create under the primary folder because they are > the folder > owner. Obviously, I can change ownership to the > domain admin, but how > in the world would I keep up with this. I've no idea > when a user might > create a sub folder. I stumbled upon the problem > because I found a > folder whereby a user had granted the everyone group > full rights. I > knew none of the domain admins would do that. After > talking with the > owner of the folder, I found out he's been doing it > all along. > > Wow! This is a real problem for us because we want to > control access > through groups. This one user had shared a bunch of > folders using > individual names. Plus, he had no clue what he was > doing and just > granted everyone full rights. > > How in the world do you guys handle this? Am I > missing something? > > Thanks, Terri > > ~ Finally, powerful endpoint security that ISN'T a > resource hog! ~ > ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, > if you put into the machine wrong figures, will the right > answers come out?' I am not able rightly to apprehend the > kind of confusion of ideas that could provoke such a > question." > > > > > > > > > > > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you > put into the machine wrong figures, will the right answers come > out?' I am not able rightly to apprehend the kind of confusion of > ideas that could provoke such a question." > > > > > > > > > > > > > > ------------------------------------------------------------------------ > Hotmail: Trusted email with powerful SPAM protection. Sign up now. > <http://clk.atdmt.com/GBL/go/196390707/direct/01/> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
