Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


October 08, 2008

Take Control of Windows Object Ownership and Inheritance

A new SID limits the power of Windows object owners
A Web Exclusive from Windows IT Pro
Jan De Clercq
Toolbox
InstantDoc #100457
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
View this exclusive article with VIP access -- click here to join |
See More Active Directory (AD) Articles Here | Reprints | Or sign up for our VIP Monthly Pass!
Executive Summary:

The Windows DAC model and its "ownership is power" concept can threaten security and compliance for organizations that must ensure the continuous availability of company data. But in the classic DAC model, there's no way to block users from deleting objects they’ve created. Now a feature in Vista and Server 2008 can help you regain control of ownership. It's a security principal called Owner Rights (SID S-1-3-4). You can use this SID and other methods such as command-line tools, to control ownership and better manage your Windows resources.



In Windows, ownership is power—a user who creates an object automatically becomes its owner and can set permissions at his or her discretion. This authorization model, known as discretionary access control (DAC), means an object owner can control access to a file, folder, registry key, or Active Directory (AD) object, affecting the availability of that data as well as your organization's efforts to comply with regulatory requirements. . . .

Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Learning Path To learn more about permissions, ACLs, and ACEs
"Navigating the File System Permission Jungle"

"Icacls: The New and Improved Cacls?"

"Safeguard Sensitive Content with Information Rights Management"

"Vista Command-Line Tools"

"Understanding Windows Service Hardening"

"Strengthening Permissions on Hard Links"

"The Basics of ACL Inheritance"

"Icacls"

"Access Denied: Understand the Difference Between AD OUs and Groups"
Top Viewed ArticlesView all articles
Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

How can I stop and start services from the command line?

...

Where is Microsoft NetMeeting in Windows XP?

...
Active Directory (AD) Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

Managing Unix/Linux with Microsoft System Center Operations Manager 2007 Cross Platform Extensions Beta

Addressing the Insider Threat with NetIQ Security and Administration Solutions
Related Events How IE7 & The New Extended Validation SSL Certificates Impact Your Site

Concrete Ways to Make Sure Your SharePoint Deployment Doesn't Blow Up

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security

Windows 2003: Active Directory Administration Essentials
Related Active Directory (AD) Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing