Windows
 

Windows 8 : Sharing files and folders (part 6) - Understanding NTFS permissions - Identifying permissions, Taking ownership of a resource

10/10/2014 4:05:47 AM

Identifying permissions

With this permission sleight of hand, you might wonder how you can discover who has permissions to what. As you move deeper into the folder hierarchy and as permission inheritance is blocked at different levels, it can become confusing. Further, when you must troubleshoot a user’s access-related issue, you might need a little help. This is when the Effective Access tab on the Advanced Security Settings window becomes useful.

To use this tool, complete the following steps:

  1. Navigate to the Effective Access tab, as shown in Figure 19, and select a user.

  2. Tap or click the View Effective Access button to get a complete list of permissions that apply to the selected user or group.

    You can see every advanced permission and which factors might be limiting access. Note also that you can change ownership of the selected resource from this window, which you will see happen in the next section.

The Effective Access tab in the Advanced Security Settings window

Figure 19. The Effective Access tab in the Advanced Security Settings window

Taking ownership of a resource

You can change the owner of a resource and its permissions in the Advanced Security Settings window. When a user account owns a file or folder, that account holds the key to that resource and can lock out non-administrative users.

By default, the owner of a file or folder is the user account that originally created it. However, ownership can be transferred to other users or groups as necessary. For example, if someone who is responsible for a shared folder leaves the organization, his replacement can be provided with ownership rights to that resource and pick up those responsibilities.

Only administrators, authorized users, and backup operators can take away ownership of a resource from another account. In addition, administrators and the current owner of a resource can assign ownership of a resource to another account.

To change the ownership of a resource, complete the following steps:

  1. Open the Advanced Security Settings window (Figure 19).

  2. Next to the name of the existing Owner, tap or click Change.

  3. Provide the name of the user or group to whom ownership should be assigned.

  4. When the owner information is changed, Windows asks whether you want to Replace Owner On Subcontainers And Objects. If you want to take ownership of every object beneath the selected item, select this check box. If you want to change ownership of the selected item only, make sure the check box is clear.

  5. Tap or click the OK button.

Note

USE CAUTION WHEN TAKING OWNERSHIP OF A RESOURCE

Although changing ownership on user-created files and folders is generally safe, be very careful when attempting to change or take ownership of system files, including those in the Windows and Program Files folders. File and folder ownership is a part of how Windows 8 determines which accounts are allowed to perform certain functions. Changing ownership of system files can have unpredictable consequences that might not always be positive.

Resolving permissions conflicts

If you’ve been reading carefully, you might have noticed that two sets of permissions are at play when you create a shared folder on a Windows 8–based computer and then access that shared folder over the network.

When you first access the share over the network, you’re subjected to the share permissions. Then, each file and folder inside the share has NTFS permissions that must be respected.

But what happens when there is a conflict? For example, what happens when a user accesses a share that has read-only permissions but that user has full control NTFS permissions to the data in the shared folder?

In the case of a conflict between share and NTFS permissions, the most restrictive permissions are respected. In the preceding scenario, the access would be read-only when connecting to that read-only share even though the user has full control rights in NTFS.

REAL WORLD: KEEPING THINGS SIMPLE WITH ONE SET OF PERMISSIONS

In the real world, administrators generally want to worry about just one set of permissions. This keeps things simple. Many administrators opt to provide Full Control or Read/Write permissions on shared folders and then use just NTFS permissions to limit what users can do. In this way, administrators can be certain that a user’s access to certain folders is always limited, whether that folder is accessed from the network or directly from the desktop. Remember, NTFS permissions are always in effect, regardless of the location from which the user accesses the information. Shared permissions, however, are not applied when a user accesses a file or folder directly from the computer that is housing that file or folder.

 
Others
 
- Windows 8 : Sharing files and folders (part 5) - Understanding NTFS permissions - Creating advanced security settings
- Windows 8 : Sharing files and folders (part 4) - Understanding NTFS permissions - Modifying file or folder permissions
- Windows 8 : Sharing files and folders (part 3) - Sharing a folder
- Windows 8 : Sharing files and folders (part 2) - Enabling folder sharing using the Windows 8 interface, Enabling folder sharing using the traditional interface
- Windows 8 : Sharing files and folders (part 1) - Configuring the Network and Sharing Center
- Windows 8 : Configuring virtual machine networking and storage (part 3) - Assigning a virtual switch to a virtual machine , Assigning storage to a virtual machine
- Windows 8 : Configuring virtual machine networking and storage (part 2) - Hyper-V virtual switch
- Windows 8 : Configuring virtual machine networking and storage (part 1) - Introducing storage and networking for Hyper-V
- Windows 8 : Customizing the Lock Screen - Customizing the Lock Screen Background,Controlling the Apps Displayed on the Lock Screen, Disabling the Lock Screen
- Windows 8 for Business : Features Exclusive to Windows 8 Enterprise,Windows RT and Business
- Windows 8 for Business : Virtualization (part 4) - VHD Shell Integration,Remote Desktop and Remote Desktop Host
- Windows 8 for Business : Virtualization (part 3) - Using Hyper-V Virtual Machine Connection
- Windows 8 for Business : Virtualization (part 2) - Using Hyper-V Manager
- Windows 8 for Business : Virtualization (part 1) - Client Hyper-V
- Windows Server 2012 : Deploying Dynamic Access Control (part 4) - Validating the Configuration
- Windows Server 2012 : Deploying Dynamic Access Control (part 3) - Adding a Resource Property to the Global Resource Property List, Creating a New Central Access Rule
- Windows Server 2012 : Deploying Dynamic Access Control (part 2) - Configuring Resource Property for Files
- Windows Server 2012 : Deploying Dynamic Access Control (part 1) - Preparing Claims
- Windows Server 2012 : Managing Users and Data with Dynamic Access Control - The Building Blocks of DAC , Requirements and Predeployment Pointers
- Windows 7 : Using BitLocker Drive Encryption
 
 
Most View
 
- SQL Server 2012 : Normal Forms (part 1) - First Normal Form
- Windows Server 2012 : Deploying domain controllers using Server Manager (part 4) - First Windows Server 2012 domain controller in an existing forest
- Windows 7 : Windows Media Center—What’s the Hubbub?
- Windows Server 2012 : Hyper-V - Installing the Hyper-V Role
- Packaging and Deploying Sharepoint 2013 Apps : Packaging and Publishing an App
- Microsoft Exchange Server 2013 : Role assignment (part 3) - Database scoping, Special roles
- Microsoft Lync Server 2013 Edge Server : Edge Server Troubleshooting (part 1) - Certificates
- Windows Phone 8 : Exploring the Execution Model (part 3) - Programmatically Exiting an App , Saving Transient State
- Windows Phone 8 : Share Menu Extensibility (part 1) - Adding Your App to the Share Menu
- Windows Phone 8 : Share Menu Extensibility (part 2) - A Simple Photo Upload Share Application
 
 
Top 10
 
- Upgrading to Sharepoint 2013 : Upgrading Service Applications
- Upgrading to Sharepoint 2013 : Upgrading Site Collections
- Upgrading to Sharepoint 2013 : Upgrading Content (part 4) - Attaching the Content Database
- Upgrading to Sharepoint 2013 : Upgrading Content (part 3) - Fixing the Issues, Additional Parameters
- Upgrading to Sharepoint 2013 : Upgrading Content (part 2) - Running Test-SPContentDatabase
- Upgrading to Sharepoint 2013 : Upgrading Content - Creating the Web Application, Testing the Content Database
- Windows 8 : Introducing Storage Spaces - Creating storage spaces
- Windows 8 : Working with file systems (part 5) - Working with quotas, Working with quotas for user accounts
- Windows 8 : Working with file systems (part 4) - Understanding Encrypting File System, BitLocker
- Windows 8 : Working with file systems (part 3) - Auditing access to securable objects by using SACLs