Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, March 23, 2018 9:20 AM
Hi,
I would like to know what are the minimum permission for a user (not admin) to take ownership of files.
As per my experience, the ntfs permission "take ownership" isn't enough and asks for admin credentials (there is a shield next to the option in explorer"...
Thomas.
All replies (9)
Monday, March 26, 2018 3:14 AM
Hi Thomas,
The default owner of a file or folder is the person who creates the resource. Ownership can be taken or transferred by the several privilege account "administrator, authorized user, backup operator or the current owner of a file".
However, for the security protecting from malware, ownership changing will require administrator password input for those user account types.
If you have any other concerns or question, please reply directly.
Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, March 26, 2018 9:34 AM
Hello Joy-Qiao. Thanks for your post. All you write is true and works as you say.
In order to me to turn the page, I still need to understand why if a user has the permission to take ownership does an administrator has to intervene, and second, would you please post a link to an official Microsoft document that outline this?
Thank you in advance.
Thomas.
Monday, March 26, 2018 10:38 AM
Hi Thomas,
It is not difficult to understand that. For example, an normal user have privilege to take owner of the folder, so he could grate access privilege or deny access to other user. Also other user have same right to change the right, it will get the access control into a chaos situation. If the file is a system files, malware will pretend it is a normal application to require for modify privilege. Microsoft based on system protection and sensible management, use administrator to prevent risk.
For the source of the upper reply, please refer to: Learn How to Take or Assign Ownership of Files and Folders
Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, March 26, 2018 10:58 AM
NO!
I am very happy for you that your easily understand your own logic. I don't!
Further, the link that you provide doesn't specify at any point that an administrator must intervene when a user that has take ownership permission uses that permission. Here the part of your own link:
"Taking Ownership of Files and Folders
If you are an administrator, an authorized user, or a backup operator, you can take ownership of a file or folder by completing the following steps:
1. In Windows Explorer, open the file or folder’s Properties dialog box by right-clicking the file or folder and then clicking Properties.
2. On the Security tab, click Advanced to display the Advanced Security Settings dialog box.
3. On the Owner tab, click Edit.This opens the Advanced Security Settings dialog box for editing.
4. In the Change Owner To list, select the new owner.If you’re taking ownership of a folder, you can take ownership of all subfolders and files within the folder by selecting the Replace Owner On Subcontainers And Objects option.
5. Click OK twice when you have finished. "
Please revise and post back when done with an official link stating that taking ownership of a file by a user that has that permission to take ownership needs an administrator to intervene!
PS: This always worked in Windows 7 (with no admin intervention) (your link concerns Windows 7). I recently discovered this new behavior in Windows 10, that's why I'm asking.
Thanks.
Thomas.
Tuesday, March 27, 2018 9:49 AM
Hi Thomas,
I compared the owner privilege, system configuration on user side in Windows 7 and Windows 10, at last, achieved your desire in my test.
Please see my test actions.
1.create a local normal user named as "Tom" with command line.
2.add the Tom account to Computer Configuration\Windows Settings\Security Settings\Local Policies\user right access\take ownership of files or other objects in Group Policy editor
3.Turn off UAC.
4.Create a new folder named as "test", assign Tom with full control of the folder (I have tested with other rights such as modify or others, but it works only with full control)
5.login Tom account and change the owner through command line "takeown /f c:\test /r /d y". The command line run successfully without requiring administrator password. (However, I noticed the change did not work through GUI)
Even through there are some points can't be clarified on my side as the limited document. I would be very appreciate if you have any hints to provide and discuss with us.
Bests,
Joy.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, March 27, 2018 1:36 PM
Hi, I have nothing else to add to this except that I also set the Computer Configuration\Windows Settings\Security Settings\Local Policies\user right access\take ownership of files or other objects in Group Policy with no special effect.
So I'm in the expectation that someone, maybe at M$ will shed some light on this.
The question remains as per what minimum permissions a user that has "take ownership" needs to be able to use that permission successfully.
If this is now only targeted to "full" admins only, that's ok (or not) but let us please officially know.
Scenarios: disk quotas leveling among members of a quota group...
Thomas.
Wednesday, March 28, 2018 2:01 AM
Hi Thomas,
"If this is now only targeted to "full" admins only"
As my test result shows, the standard user who granted with full control right and also was added to that GP will take owner permission successfully. So, on that point, it didn't limited to administrator only.
However, there is no official document specialized point it out. After all, most documents are aimed to principle explanation, product Introduction or usage procedure.
If my reply have some help on your issue, please kindly mark it as an answer. If it less helpful for you, please wait for other customers' replies, they might have different viewpoint and resource.
Bests,
Joy.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, April 3, 2018 9:59 AM
Hi Thomas,
Would you mind letting me know the result of the suggestions?
If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, April 3, 2018 1:23 PM
Hi Joy-Qiao,
I feel like you are in a points collection rush.
I already said what I'm thinking about your tests, that remain "tests". Without an official statement of this new behaviors, I cannot accept this as "the answer" because it's illogic. I more assimilate it to a bug.
Anyway, thanks for testing and posting. You may mark the replies as answers if it makes you happy.
Best regards,****
Thomas.