How do you remove creator/owner?

Thanks, Terri

James Winzenz said the following on 1/13/2010 9:06 AM:
> This is what we do - we remove Creator/Owner when the server is set
> up, don't have to worry about it after that.
>
> Thanks,
>  
> James Winzenz
> ------------------------------------------------------------------------
> Date: Wed, 13 Jan 2010 08:41:33 -0500
> Subject: Re: Users Setting NTFS Permissions
> From: [email protected]
> To: [email protected]
>
> That's because the parent folder has creator/owner permissions and any
> newly created folder is inheriting the permission from the parent.
> In my FS where I've removed creator/owner from the parent I don't see
> this behavior.
>
> On Wed, Jan 13, 2010 at 8:20 AM, James Rankin <[email protected]> wrote:
>
>     I normally just give the groups RWXD, but the Creator Owner
>     privilege appears by default on newly created folders. Without
>     removing the ability to create folders and/or run subinacl scripts
>     to take ownership, I find removing the GUI to change the
>     permissions is the easiest option.
>
>     2010/1/13 Jonathan Link <[email protected]>
>
>         Isn't that just obfuscation?  I thought the ability to change
>         permissions was granted by the Full Control right.  If that's
>         the case, pull Creator/Owner Full control from your file
>         system and reassign permissions accordingly.
>
>
>         On Wed, Jan 13, 2010 at 7:11 AM, James Rankin
>         <[email protected]> wrote:
>
>             Prevent access to the rshx32.dll file on all your
>             workstations and servers to Administrators and System
>             only. You can do this with a GPO. The user can't access
>             the security tab then and can't change permissions. Unless
>             they know how to use cacls. You could lock the permissions
>             on that file as well through Group Policy.
>
>             2010/1/13 Terri Esham <[email protected]>
>
>                 We have a Windows 2008 Domain whereby we control access
>                 to folders stored on one of the domain controllers
>                 through Active Directory groups.  When a new folder is
>                 created on the network file server, we grant full
>                 permissions to the associated active directory group
>                 with the exception of the ability to set and change
>                 permissions.
>
>                 We just discovered that a user can grant permissions to
>                 any folder that they create under the primary folder
>                 because they are the folder owner.  Obviously, I can
>                 change ownership to the domain admin, but how in the
>                 world would I keep up with this.  I've no idea when a
>                 user might create a sub folder.  I stumbled upon the
>                 problem because I found a folder whereby a user had
>                 granted the everyone group full rights.  I knew none of
>                 the domain admins would do that.  After talking with
>                 the owner of the folder, I found out he's been doing it
>                 all along.
>
>                 Wow!  This is a real problem for us because we want to
>                 control access through groups.  This one user had
>                 shared a bunch of folders using individual names.
>                 Plus, he had no clue what he was doing and just granted
>                 everyone full rights.
>
>                 How in the world do you guys handle this?  Am I missing
>                 something?
>
>                 Thanks, Terri
>
>             -- 
>             "On two occasions...I have been asked, 'Pray, Mr Babbage,
>             if you put into the machine wrong figures, will the right
>             answers come out?' I am not able rightly to apprehend the
>             kind of confusion of ideas that could provoke such a
>             question."
>
>     -- 
>     "On two occasions...I have been asked, 'Pray, Mr Babbage, if you
>     put into the machine wrong figures, will the right answers come
>     out?' I am not able rightly to apprehend the kind of confusion of
>     ideas that could provoke such a question."
>  
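
One way to find the folders this thread describes and to act on the question at the top, as an added example that is not from any of the posters: a PowerShell audit that lists Creator/Owner entries, Everyone Full Control grants and explicit entries below a share root, and removes Creator/Owner from the root only when asked. The share path, the switch name and the finding labels are assumptions.

```powershell
# Added example: read-only audit unless -RemoveCreatorOwner is passed.
param(
    [string]$Root = 'D:\Shares\Projects',   # hypothetical share root; change it
    [switch]$RemoveCreatorOwner
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
$coSid   = 'S-1-3-0'   # well-known SID: CREATOR OWNER
$evSid   = 'S-1-1-0'   # well-known SID: Everyone

$folders  = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse | Where-Object { $_.PSIsContainer })
$rootPath = $folders[0].FullName

$report = foreach ($dir in $folders) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Explicit and inherited ACEs, with identities returned as SIDs
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid     = $ace.IdentityReference.Value
        $finding = $null
        if ($sid -eq $coSid) {
            $finding = 'CREATOR OWNER ACE present'
        } elseif ($sid -eq $evSid -and ($ace.FileSystemRights -band $full) -eq $full) {
            $finding = 'Everyone has Full Control'
        } elseif (-not $ace.IsInherited -and $dir.FullName -ne $rootPath) {
            $finding = 'Explicit ACE set below the root'
        }
        if ($finding) {
            [pscustomobject]@{
                Folder = $dir.FullName; Owner = $acl.Owner; Sid = $sid
                Rights = $ace.FileSystemRights; Finding = $finding
            }
        }
    }
}
$report | Sort-Object Folder | Format-Table -AutoSize

if ($RemoveCreatorOwner) {
    # Run elevated. PurgeAccessRules drops only explicit ACEs for the SID; an ACE
    # inherited from higher up must be removed where it is defined.
    $acl = Get-Acl -LiteralPath $Root
    $acl.PurgeAccessRules((New-Object System.Security.Principal.SecurityIdentifier $coSid))
    Set-Acl -LiteralPath $Root -AclObject $acl
}
```

The Owner column is included because a folder's owner can rewrite its permissions even with no Creator/Owner entry, unless an OWNER RIGHTS (S-1-3-4) entry restricts that.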
