Announcement

Collapse
No announcement yet.

Domain Admin user account and file/folder ownership issue...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Admin user account and file/folder ownership issue...

    Hi,

    I have one Windows 2003 Domain (in Mixed Mode - due to legacy Windows NT servers - but that's "another issue") with a problem in file/folder ownership. On one member server (file server) there's a shared folder where user's can store documents but they should maintain their ownership.

    The folder has the following NTFS permissions:
    • Auth Users - Special (List Folder / Read Data; Read Attributes; Create Folders /Append Data) - Apply to "This folder only";
    • CREATOR OWNER - Full Control - Apply to "Subfolders and files only;
    • Domain Admins - Full Control - Apply to "This folder, subfolders and files";
    • SYSTEM - Full Control - Apply to "This folder, subfolders and files".

    Sharing permissions are all set to "Full Control" for specific user groups.

    When a "regular" user creates a folder under the share, the folder's NTFS permissions are set to:
    • Domain Admins - Full Control;
    • user account - Full Control;
    • SYSTEM - Full Control;

    And the folder's ownership is set to the user account.

    This is the expected behavior but if the user belongs to the Domain Admins group, the NTFS permissions are set to:
    • Administrators - Full Control;
    • Domain Admins - Full Control;
    • SYSTEM - Full Control;


    And the folder/file ownership is set to Administrators group!

    The client OS is Windows 7. Today I haven't had the time to try with one of the Windows XP clients but I assume it's the same...

    This invalidates the quota reporting, because several files belonging to 4 Domain Admins accounts have the wrong ownership. They should belong to the individual users and not to the Administrators group. And also causes other smaller issues...

    Can anyone help me with this?

    Thanks,
    Pedro
    Last edited by pmsousa; 16th January 2013, 17:59. Reason: Added client OS.
Working...
X