Click here to get back home

Accessing folders owned by another user?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Accessing folders owned by another user? Linn Kubler 12-06-2007
Posted by Roger Abell [MVP] on December 7, 2007, 2:38 am
Please log in for more thread options
 As the earlier posts indicate, a creator of an object in the 20th
century legacy Windows is its owner what same cannot be denied any power
over the object.

Use of that power can be curtailed if the access is not local (ie. over
network share, or mediated by a web service, etc.).

To "see" what is there use any software, like NTbackup, that uses the backup
and restore capabilities, run in context of an account with those rights.

Roger

> Hi,
>
> I have a user who was going into the security tap of folders in a public
> folder and turning off the inherit from parent checkbox and then selecting
> remove to block people from seeing her files. Kind of dumb since she
> could simply put the files in her home folder, but I digress.
>
> To stop this I took away everyone's full control rights which I assumed
> would work. It seems to have worked at some level, however, I found today
> that she created a subfolder and did the same thing. Looking into it now
> I see that everyone still has the rights to turn off inheritance on
> objects they own.
>
> I have three questions, is my observation correct, should a user without
> full control of a folder they own be able to turn off inheritance?
>
> If so, is it possible to stop this and how?
>
> Lastly, is there any way I can gain access to this folder without having
> her password or changing the ownership of the directory? Is it possible
> to give the administrator's account equivelent file rights of a user or
> group? I don't want to tip her hand yet that I'm on to her.
>
> Thanks in advance,
> Linn
>
>



Posted by Linn Kubler on December 12, 2007, 9:45 am
Please log in for more thread options
> As the earlier posts indicate, a creator of an object in the 20th
> century legacy Windows is its owner what same cannot be denied any power
> over the object.
>
> Use of that power can be curtailed if the access is not local (ie. over
> network share, or mediated by a web service, etc.).

This is a network share and I thought I had curtailed her power by removing
the Full Control right. What else must I do to prevent users from removing
or modifying everyone else's rights to a folder or file?

>
> To "see" what is there use any software, like NTbackup, that uses the
> backup and restore capabilities, run in context of an account with those
> rights.
>

This is part of my concern, how do I know that our backups are complete? We
use Backup Exec, when I look at the logs for that directory it shows it as
empty. How do I know it's not just being blocked from backing up the files?

Thanks,
Linn

> Roger
>
>> Hi,
>>
>> I have a user who was going into the security tap of folders in a public
>> folder and turning off the inherit from parent checkbox and then
>> selecting remove to block people from seeing her files. Kind of dumb
>> since she could simply put the files in her home folder, but I digress.
>>
>> To stop this I took away everyone's full control rights which I assumed
>> would work. It seems to have worked at some level, however, I found
>> today that she created a subfolder and did the same thing. Looking into
>> it now I see that everyone still has the rights to turn off inheritance
>> on objects they own.
>>
>> I have three questions, is my observation correct, should a user without
>> full control of a folder they own be able to turn off inheritance?
>>
>> If so, is it possible to stop this and how?
>>
>> Lastly, is there any way I can gain access to this folder without having
>> her password or changing the ownership of the directory? Is it possible
>> to give the administrator's account equivelent file rights of a user or
>> group? I don't want to tip her hand yet that I'm on to her.
>>
>> Thanks in advance,
>> Linn
>>
>>
>
>



Posted by Roger Abell [MVP] on December 21, 2007, 9:10 am
Please log in for more thread options

>
>> As the earlier posts indicate, a creator of an object in the 20th
>> century legacy Windows is its owner what same cannot be denied any power
>> over the object.
>>
>> Use of that power can be curtailed if the access is not local (ie. over
>> network share, or mediated by a web service, etc.).
>
> This is a network share and I thought I had curtailed her power by
> removing the Full Control right. What else must I do to prevent users
> from removing or modifying everyone else's rights to a folder or file?
>

If you have reduced all share level permissions to modify/change
at most, that should have done it.

>>
>> To "see" what is there use any software, like NTbackup, that uses the
>> backup and restore capabilities, run in context of an account with those
>> rights.
>>
>
> This is part of my concern, how do I know that our backups are complete?
> We use Backup Exec, when I look at the logs for that directory it shows it
> as empty. How do I know it's not just being blocked from backing up the
> files?
>

Back it up as an admin using the built-in ntbackup, and then
restore to alternate location without keeping permissions.
If it is empty and the backup log does not show errors, then
that directory is empty.


> Thanks,
> Linn
>
>> Roger
>>
>>> Hi,
>>>
>>> I have a user who was going into the security tap of folders in a public
>>> folder and turning off the inherit from parent checkbox and then
>>> selecting remove to block people from seeing her files. Kind of dumb
>>> since she could simply put the files in her home folder, but I digress.
>>>
>>> To stop this I took away everyone's full control rights which I assumed
>>> would work. It seems to have worked at some level, however, I found
>>> today that she created a subfolder and did the same thing. Looking into
>>> it now I see that everyone still has the rights to turn off inheritance
>>> on objects they own.
>>>
>>> I have three questions, is my observation correct, should a user without
>>> full control of a folder they own be able to turn off inheritance?
>>>
>>> If so, is it possible to stop this and how?
>>>
>>> Lastly, is there any way I can gain access to this folder without having
>>> her password or changing the ownership of the directory? Is it possible
>>> to give the administrator's account equivelent file rights of a user or
>>> group? I don't want to tip her hand yet that I'm on to her.
>>>
>>> Thanks in advance,
>>> Linn
>>>
>>>
>>
>>
>
>



Similar ThreadsPosted
user restrictions accessing server based folders using the SBS 200 March 16, 2006, 6:46 am
Accessing remote user January 10, 2006, 6:21 pm
User folders permissions. June 7, 2007, 3:40 pm
Finding folders where user was specifically given access September 11, 2006, 1:45 pm
How to let user group member to share files and folders August 26, 2006, 12:16 am
Hiding folders that a user does not have rights to access - WebDAV January 2, 2008, 2:37 pm
How to not allow user move folders accidentially in MS server 2003? January 31, 2008, 4:33 am
Accessing shares locks my account March 9, 2006, 10:14 am
Accessing resources between non-trusted domains September 12, 2006, 9:53 am
Accessing Shares across the Network from an ASP page September 17, 2007, 10:59 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap