Windows 7 / Security and Privacy

Control Access

User accounts identify people and allow them to log onto a computer and possibly to a network. What they can then do depends both on the permissions given to them or given to groups to which they belong, and on the ownership of the object they want to use. Windows Server 2008, when using the New Technology File System (NTFS), allows an administrator to assign various levels of permission to use an object (a file, a folder, a disk drive, a printer), as well as to assign ownership and the rights of ownership. (You cannot do this with the FAT or FAT32 file system.)

When you initially install Windows Server 2008, most files, folders, disk drives, and printers withhold permission from most users except for administrators to do most tasks with these objects. You can change the default permission rather quickly by using a property called inheritance that says all files, subfolders, and files in subfolders automatically inherit (take on) the permissions of their parent folder. Every file, folder, and other object in Windows Server 2008 NTFS, though, has its own set of security descriptors that are attached to it when it is created, and with the proper permission, these security descriptors can be individually changed.

Ownership

Initially, all permissions are granted by the creator of an object or by an administrator. The creator of an object is called its owner. The owner of an object has the right to grant and deny permission, as well as the right to grant the Take Ownership permission to others, allowing them to take ownership. An administrator can take over ownership from someone else, but an administrator cannot grant others ownership to objects the administrator did not create.

You can check the ownership and change it through the object's Properties dialog box. For a file or folder, open the Properties dialog box through Windows Explorer and see how you would change the ownership with these steps:

  1. Click Start | Computer. In the pane on the left, drag Folders to the top of the pane; open the disk and folders necessary to see in the right pane the folder or file that you want to look at or change the ownership for.
  2. In the right pane, right-click the subject folder or file and click Properties.
  3. In the Properties dialog box, click the Security tab and then click Advanced. The Advanced Security Settings dialog box opens.
  4. Click the Owner tab, in which you can see who the current owner is and the people to whom the ownership can be transferred. When you are finished, click OK twice to close the two dialog boxes still open. Also close the Windows Explorer.
[Previous] [Contents] [Next]

In this tutorial:

  1. Windows Server 2008 Security
  2. Authenticate the User
  3. Network User Authentication
  4. Replacements for Passwords
  5. Certificate Authentication
  6. Control Access
  7. Groups
  8. Permissions
  9. Add New Permissions
  10. Share Permission
  11. Secure Stored Data
  12. Use File and Folder Encryption
  13. Drive Encryption with BitLocker
  14. Use a Computer with BitLocker
  15. Understand Private/Public Key Encryption
  16. Secure Data Transmission
  17. Implement Secure LAN Transmission