Information Technology Reference
In-Depth Information
ownership to another user. So it's possible that users can be file owners but not be able to
open the files they own. However, because owners can change permissions on files they own,
they can grant themselves the permissions they want.
A user can become the owner of a file system object in three ways:
•
Create the file or folder
—The user who creates a file or folder is automatically the owner.
•
Take ownership of a file or folder
—User accounts with Full control permission or the Take
ownership special permission for a file or folder can take ownership of the file or folder.
Members of the Administrators group can take ownership of all files.
•
Assigned ownership
—An Administrator account can assign another user as the owner of a
file or folder.
NTFS Permission Inheritance
As mentioned, permission inheritance in the file system
behaves like permission inheritance in Active Directory. By default, initial permissions are set at
the root of a volume, and all folders and files in that volume inherit these settings unless config-
ured otherwise.
6
Windows changes the default inheritance settings on many folders cre-
ated during installation so that they don't inherit all permissions from the
root of the volume.
One reason you might need to configure special permissions is so that you can define inher-
itance properties of special permissions on folders. There are seven options for how permissions
on a folder apply to other objects in that folder, as shown in Figure 6-10.
Figure 6-10
Apply to options for special permissions
All standard permissions have the Apply to option set to “This folder, subfolders and files,”
but there might be reasons to change this default setting. For example, you might want users to
be able to create and delete files in a folder but not delete the folder itself. To do this, you could
Search WWH ::
Custom Search