Using CREATOR GROUP for files/folder

> Hi.
> We have created user accounts (Active Directory) on our W2K server. It is
> the main domain controller. Currently the primary group for all users is
> "Domain Users". I'd like to add "CREATOR GROUP" to a group of files on the
> disk. If I understood correctly that special ID refers to the primary
> group of a user.
> If I change the primary group to something else for a user in Active
> Directory, will security attributes on files and folders change
> accordingly or will the group still be the group the user belonged to when
> he/she created the file?
> For instance (in sequence):
> 1. change user "Frank" primary group (make sure user is not currently
> logged on) from "Domain Users" to "Accounting" 2. add "CREATOR GROUP" to
> security.
> Will Frank's files now belong to "Accounting" or "Domain Users"?
> Thanks in advance,
> Vince C.

> The primary group is used only by the posix subsystem which would not be
> used in most domains.
> Creator/owner is a holder. If creator/owner has permissions to a

> then the owner of the file/folder will receive permissions that are

> to creator/owner rather that the normal permissions the user would receive
> based on group membership. In other words if the domain users group has
> read/list/execute/write permissions to a folder and creator/owner has full
> control and a user creates/writes a new file to that folder and therefore
> becomes the owner that user will have full control permissions to that
> le. -- Steve
> > Hi.
> > We have created user accounts (Active Directory) on our W2K server. It

> > the main domain controller. Currently the primary group for all users is
> > "Domain Users". I'd like to add "CREATOR GROUP" to a group of files on

> > disk. If I understood correctly that special ID refers to the primary
> > group of a user.
> > If I change the primary group to something else for a user in Active
> > Directory, will security attributes on files and folders change
> > accordingly or will the group still be the group the user belonged to

> > he/she created the file?
> > For instance (in sequence):
> > 1. change user "Frank" primary group (make sure user is not currently
> > logged on) from "Domain Users" to "Accounting" 2. add "CREATOR GROUP" to
> > security.
> > Will Frank's files now belong to "Accounting" or "Domain Users"?
> > Thanks in advance,
> > Vince C.

> Actually Steve OP is asking about the Creator Group special principal,
> not Creator Owner, and OP is correct, this is one of the two actual uses
> of the primary group introduced with Whistler versions of OS that are
> actually Windows (i.e. not Posix) usages.

> > The primary group is used only by the posix subsystem which would not be
> > used in most domains.
> > Creator/owner is a holder. If creator/owner has permissions to a
> file/folder
> > then the owner of the file/folder will receive permissions that are
> assigned
> > to creator/owner rather that the normal permissions the user would

> > based on group membership. In other words if the domain users group has
> > read/list/execute/write permissions to a folder and creator/owner has

> > control and a user creates/writes a new file to that folder and

> > becomes the owner that user will have full control permissions to that
> > le. -- Steve
> > > Hi.
> > > We have created user accounts (Active Directory) on our W2K server. It
> is
> > > the main domain controller. Currently the primary group for all users

> > > "Domain Users". I'd like to add "CREATOR GROUP" to a group of files on
> the
> > > disk. If I understood correctly that special ID refers to the primary
> > > group of a user.
> > > If I change the primary group to something else for a user in Active
> > > Directory, will security attributes on files and folders change
> > > accordingly or will the group still be the group the user belonged to
> when
> > > he/she created the file?
> > > For instance (in sequence):
> > > 1. change user "Frank" primary group (make sure user is not currently
> > > logged on) from "Domain Users" to "Accounting" 2. add "CREATOR GROUP"

> > > security.
> > > Will Frank's files now belong to "Accounting" or "Domain Users"?
> > > Thanks in advance,
> > > Vince C.

> Actually Steve OP is asking about the Creator Group special principal,
> not Creator Owner, and OP is correct, this is one of the two actual uses
> of the primary group introduced with Whistler versions of OS that are
> actually Windows (i.e. not Posix) usages.
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>> The primary group is used only by the posix subsystem which would not be
>> used in most domains.
>> Creator/owner is a holder. If creator/owner has permissions to a
> file/folder
>> then the owner of the file/folder will receive permissions that are
> assigned
>> to creator/owner rather that the normal permissions the user would
>> receive
>> based on group membership. In other words if the domain users group has
>> read/list/execute/write permissions to a folder and creator/owner has
>> full
>> control and a user creates/writes a new file to that folder and therefore
>> becomes the owner that user will have full control permissions to that
>> le. -- Steve
>> > Hi.
>> > We have created user accounts (Active Directory) on our W2K server. It
> is
>> > the main domain controller. Currently the primary group for all users
>> > is
>> > "Domain Users". I'd like to add "CREATOR GROUP" to a group of files on
> the
>> > disk. If I understood correctly that special ID refers to the primary
>> > group of a user.
>> > If I change the primary group to something else for a user in Active
>> > Directory, will security attributes on files and folders change
>> > accordingly or will the group still be the group the user belonged to
> when
>> > he/she created the file?
>> > For instance (in sequence):
>> > 1. change user "Frank" primary group (make sure user is not currently
>> > logged on) from "Domain Users" to "Accounting" 2. add "CREATOR GROUP"
>> > to
>> > security.
>> > Will Frank's files now belong to "Accounting" or "Domain Users"?
>> > Thanks in advance,
>> > Vince C.
>