Read this whole guide offline with no ads, for a very low price!
Click Here!

Custom Search







Table Of Contents  CertiGuide to A+ (A+ 4 Real)
 9  Chapter 1: What are Operating Systems and How Do They Work?
      9  File Attributes
           9  NTFS File Permissions

Previous Topic/Section
Enabling Auditing
Previous Page
Pages in Current Topic/Section
1
Next Page
File Naming Conventions (Most Common Extensions)
Next Topic/Section

The “Creator Owner”

Before leaving the subject of NTFS permissions, one last principle needs to be discussed: the “Creator Owner”. When a user creates a new file, whether by right clicking in a folder and choosing an item from the “New” menu item or by saving a document from Microsoft Word, the user is granted the “Creator Owner” flag against it. The Creator Owner property grants the user absolute control over the file, and goes as far as allowing them to deny the system administrator permission to access it. Although this may seem odd from a technical point of view, it makes sound business sense and is a critical measurement in the security standard certification that Microsoft aimed for. Although system administrators (quite legitimately) need control over the entire operating system and all files stored on the hard drive, some files need to be kept private to a single user – a document containing financial and salary records, for example.

The power a user has to lock an administrator out of files and folders only extends so far, however. The administrator also has the power to seize ownership of an object, and become its Creator Owner. So what is the purpose of this electronic game of one-upmanship?

The logic behind this system is actually quite sensible. When a user creates a file, they become the Creator Owner, at which point they can prevent the administrator from accessing it. If an administrator tries causally to access the file, they will be denied. However if there is an emergency (for example, the user has left the company but left the permissions on critical documents locked up tight), the administrator can seize ownership and become the Creator Owner. To prevent rogue administrators from seizing control of and viewing supposedly protected documents, the Creator Owner is visible to anyone who wishes to check. In addition, administrators may only change the Creator Owner to themselves, which prevents the seizure of ownership and then assignment of that ownership to someone else, shifting the blame onto an innocent third party.

It is important to remember that whatever controls are available, the administrators still have ultimate power over the computer. An old security maxim states, “A network is only as secure as the administrator is trustworthy” – if the administrator cannot be trusted to behave in a professional manner, they should not be in the role.


Previous Topic/Section
Enabling Auditing
Previous Page
Pages in Current Topic/Section
1
Next Page
File Naming Conventions (Most Common Extensions)
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to A+ (A+ 4 Real) from StudyExam4Less.com. Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide to A+ (A+ 4 Real) (http://www.CertiGuide.com/apfr/) on CertiGuide.com
Version 1.0 - Version Date: March 29, 2005

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.