Windows XP / Beginners

Taking Ownership of Files and Folders

When you create a file or folder on an NTFS drive, Windows XP designates your user account as the owner of that object. That status gives you the right to allow or deny permission for other users and groups to access the file or folder. As owner, you can lock out every other user, including all members of the Administrators group.

So what happens if you turn over responsibility for a document (or an entire folder full of documents) to another user? As the owner, you can allow the other user to take ownership of the object. In addition, any member of the Administrators group can take ownership of any file or folder, although he or she cannot transfer ownership to other users.

Turning over the ownership of a file or folder makes sense when you want someone else to be responsible for setting permissions for that object. To ensure a smooth transition of power, use either of the following techniques.

If you're a member of the Administrators group, follow these steps:

  1. Right-click the file or folder icon, and choose Properties.
  2. On the Security tab, click Advanced to open the Advanced Security Settings dialog box for the file or folder.
  3. Click the Owner tab.
  4. Select either name from the Change Owner To list, and click OK.

If you're not an administrator, you must first be granted the right to take ownership of a file or folder explicitly. To do this, ask the current owner or any member of the Administrators group to add your account to the ACL for the file or folder and give you the Take Ownership permission. This permission can be found at the bottom of the list of special permissions available by clicking Edit in the Advanced Security Settings dialog box. Ultimately, the ability for an administrator to take ownership of files and folders means that you can't count on absolute privacy for any files stored on an NTFS drive. No matter how securely you lock them up, an administrator can break through the lock by taking ownership of the files. This is a brute force solution, however, and it's not something that can be easily hidden. If you're concerned about security and you want to monitor changes in ownership of file-system objects, configure your system so that Take Ownership events in a particular location are audited.

[Previous] [Contents] [Next]