  1. #1


    CREATOR OWNER entry in NTFS Security

    I'm happy with NTFS permissions in general - combining permissions, inheritance, allow vs deny, inherited vs explicit, behaviour when copying or moving files etc., but I just can't get my head around CREATOR OWNER.

    I have XP Pro SP3 as a standalone. I can see a CREATOR OWNER entry in Security for some folders (such as c:\, c:\windows, c:\windows\system32) but not others (such as c:\documents and settings\MyUserName). I haven't seen a CREATOR OWNER entry in Security for any system or user-created files. This is the same whether I view the properties as myself or from the Administrator account.

    I'm really confused - I know that the account that creates a file/folder is the initial owner and that ownership can be transferred to another user (if allowed to "Take Ownership"). Why do only some folders have the CREATOR OWNER entry and why don't files have the entry?

    Finally, I suspect that it might not be of relevance in every day administration, but I'm studying for exams ... so I'll HAVE to understand!

    Thanks for your time and patience.

  2. #2

    It can be very relevant, e.g. I use it on the parent folders for user profiles and home folders (the user folders under there are created by the OS at first logon).

    Folder permissions tell the OS what permission to put on files and folders created within it. If it were Creator-owner:Modify, then when Alice creates a file in the folder that file will get given Alice:Modify rights. Bob would get Bob:Modify on files he creates and so on...

    You might do something like this in a shared folder: Creator-owner:Modify, Everyone:Read. I could then put some lovingly written document in there, everyone could read it but they wouldn't be able to edit it and mess it up - I'm the only one allowed to mess it up!

    It can get more complex than that in RL, but this is the basic concept.

  3. 2 Thanks to PiqueABoo:

    Ignatius (17th September 2010), sjatkn (18th September 2010)
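
Added example (not part of the thread and not posted by any participant): a simplified Python model of how Windows copies ACEs from a folder to a newly created child, using the shared folder from post #2 (Creator-owner:Modify, Everyone:Read). The user SIDs are constructed, `inherit` is a hypothetical helper, and the model ignores deny ACEs, ACE ordering and generic-rights mapping.

```python
from dataclasses import dataclass

CREATOR_OWNER = "S-1-3-0"   # well-known placeholder SID
EVERYONE = "S-1-1-0"        # well-known SID
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed
BOB = "S-1-5-21-1111111111-2222222222-3333333333-1002"    # constructed
OI, CI, IO, NP = "OI", "CI", "IO", "NP"  # inheritance flags as icacls prints them


@dataclass(frozen=True)
class Ace:
    sid: str
    rights: str
    flags: frozenset = frozenset()


def inherit(parent_acl, owner_sid, is_folder):
    """ACEs a newly created child receives from its parent folder (simplified)."""
    child = []
    for ace in parent_acl:
        sid = owner_sid if ace.sid == CREATOR_OWNER else ace.sid
        if not is_folder:
            if OI in ace.flags:
                # A file cannot pass anything on, so flags are cleared and
                # the placeholder is replaced by the new file's owner SID.
                child.append(Ace(sid, ace.rights))
            continue
        passed_on = frozenset() if NP in ace.flags else ace.flags - {IO}
        if CI not in ace.flags:
            # Files-only ACE: a subfolder just carries it for later files.
            if OI in ace.flags and passed_on:
                child.append(Ace(ace.sid, ace.rights, passed_on | {IO}))
        elif ace.sid == CREATOR_OWNER:
            # Effective copy for the owner, plus the placeholder kept as
            # inherit-only so deeper levels substitute their own creator.
            child.append(Ace(sid, ace.rights))
            if passed_on:
                child.append(Ace(ace.sid, ace.rights, passed_on | {IO}))
        else:
            child.append(Ace(ace.sid, ace.rights, passed_on))
    return child


# The shared folder from post #2: Creator-owner:Modify, Everyone:Read
SHARED = [Ace(CREATOR_OWNER, "Modify", frozenset({OI, CI, IO})),
          Ace(EVERYONE, "Read", frozenset({OI, CI}))]

if __name__ == "__main__":
    for who in (ALICE, BOB):
        print("file  ", inherit(SHARED, who, is_folder=False))
    print("folder", inherit(SHARED, ALICE, is_folder=True))
```

In this model a new file never carries an S-1-3-0 entry, while a new subfolder keeps it as an inherit-only entry next to the creator's own effective entry.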

  4. #3

    Thank you for the responses. As soon as I read them, I had a "Doh!" moment. I've read the book several times and the part which deals with CREATOR OWNER just isn't written clearly. It might just have been written in Swahili. As soon as I read the comments above, the light went on.

    A follow up though, about what happens "under the hood":

    Does the CREATOR OWNER entry in the shared folder properties have a SID associated with it? I assume that, when Alice and Bob create their files or folders in the shared folder and the CREATOR OWNER permissions are inherited to the newly-created files or folders, the CREATOR OWNER SID (if it exists), is replaced by Alice's or Bob's SID?

  5. #4

    Hmm - now I'm confused! It'll be a few days before I can test it on a server. I just tried something on my stand alone XP Pro though ...

    I created a NewFolder on my Limited User Desktop, disabled inheritance of permissions into it and added CREATOR OWNER: Modify. I logged on as Administrator and created test.txt in the NewFolder. I logged on as the Limited User and examined the permissions of test.txt. Administrator was present with Read and Read & Execute, but there was no CREATOR OWNER entry. I didn't expect a CREATOR OWNER entry as it's a file, rather than a folder. The Administrator: Read and Read & Execute were inherited from the containing folder's CREATOR OWNER: Modify and the owner was, as expected, Administrator.

    I think that the confusion is in the terminology. There's a CREATOR OWNER entry (it's always in capitals) and there's the file or folder owner, as displayed via Properties > Advanced > Owner.

  6. #5

    NetworkAdminKB.com is down, though I've seen the document via Google cache. It looks like there are a number of other interesting articles there so I hope that they manage to get it all working soon.

  7. #6

    Just as an FYI, if you take/change ownership of a file or folder, I don't believe it changes the creator/owner permission values to the new owner.

  8. #7

    Originally posted by Seker:
        Just as an FYI, if you take/change ownership of a file or folder, I don't believe it changes the creator/owner permission values to the new owner.
    Yes, that's as I understand it too.

  9. #8

    I think it's like this: When Administrator takes ownership of a file the creator owner does become "Administrator", but the system adds new permissions to the security descriptor for the file so the original owner still has the same access they used to have.

    PS: Having just played for a few mins, sometimes it is definitely "like this" and sometimes it apparently isn't... can't figure out the trigger one way or another, possibly depends on what existing permissions the new owner already had. My head hurts now.
    Last edited by PiqueABoo; 22nd September 2010 at 10:54 PM.
