It serves as a network share. The user has the same permissions on the folder as the Creator Owner group has on the “parent folder” (higher directory).

Let’s take the folder “Accounting”. This means that a user has the permission to create subdirectories or files in any folder you allow him to access.

3 Risk of Unauthorized Access Caused by NTFS Standard

The Creator Owner permission serves as a template.

1 What are Creator Owner Groups Used For?

This is a local user account which is linked to and synchronised with a directory service such as Open Directory or Active Directory.
Add User And Allow Permissions On For Multiple Files Full Access To

(Screenshots 4 & 5)

Risk of Unauthorized Access Caused by NTFS Standard

This is normal behaviour and is the standard set for NTFS by Microsoft. If Max Mustermann creates a new folder in the accounting folder, he will get CREATOR OWNER permissions to that folder and also full access to the ownership of that new subdirectory. All users that are members of the group “Test-Group1” have special permissions on that folder. Pay attention to the CREATOR OWNER permissions and to “Test-Group01” (screenshots 2 & 3).

In the second screenshot you can see the CREATOR OWNER group has full access to the accounting folder.

In our Test-Group01 there is a user from our domain DC01 called “Max Mustermann”.

But he can read it, because he still has his creator ownership permissions on the subfolder “sensitive data”. As a result, read access to the folder has been removed. This means he becomes the owner of that folder and has full access to all its data in “sensitive data”.

Imagine Max Mustermann gets a new position in the company and loses the permission to access the data of the accounting folder. Now Max Mustermann creates a subfolder “sensitive data” below the ACCOUNTING folder: he automatically gets CREATOR OWNER permissions for the new subfolder.

The best part of this solution is that it is easy to implement, because there are no further consequences. Users only get the inherited permissions to new subfolders or files and not the additional permissions from the CREATOR OWNER template.
Author: Jason