Every object has an owner, whether the object is in an NTFS volume or in Active Directory Domain Services (AD DS). The owner controls how permissions are set on the object and to whom permissions are granted.
|
Important |
|
An administrator who needs to repair or change permissions on a file must begin by taking ownership of the file. |
By default, the owner is the entity that created the object. The owner can always change permissions on an object, even when the owner is denied all access to the object.
Ownership can be taken by:
- An administrator. By default, the
Administrators group is given the Take ownership of files or
other objects user right.
- Any user or group who has the Take Ownership
permission on the object.
- A user who has the Restore files and
directories user right.
Ownership can be transferred in the following ways:
- The current owner can grant the Take
Ownership permission to another user if that user is a member of a
group defined in the current owner's access token. The user must
actually take ownership to complete the transfer.
- An administrator can take ownership.
- A user who has the Restore files and
directories user right can double-click Other users and
groups and choose any user or group to assign ownership to.
Additional references