Identifying permissions
With this permission sleight of hand, you might wonder how you can
discover who has permissions to what. As you move deeper into the
folder hierarchy and as permission inheritance
is blocked at different levels, it can become confusing. Further, when
you must troubleshoot a user’s access-related issue, you might need a
little help. This is when the Effective Access tab on the Advanced Security Settings window becomes useful.
To use this tool, complete the following steps:
-
Navigate to the Effective Access tab, as shown in Figure 19, and select a user.
-
Tap or click the View Effective Access button to get a complete list of permissions that apply to the selected user or group.
You can see every advanced permission and which factors might be
limiting access. Note also that you can change ownership of the
selected resource from this window, which you will see happen in the
next section.
Taking ownership of a resource
You can change the owner of a resource and its permissions
in the Advanced Security Settings window. When a user account owns a
file or folder, that account holds the key to that resource and can
lock out non-administrative users.
By default, the
owner of a file or folder is the user account that originally created
it. However, ownership can be transferred to other users or groups as
necessary. For example, if someone who is responsible for a shared
folder leaves the organization, his replacement can be provided with
ownership rights to that resource and pick up those responsibilities.
Only administrators, authorized users, and backup operators can take
away ownership of a resource from another account. In addition,
administrators and the current owner of a resource can assign ownership
of a resource to another account.
To change the ownership of a resource, complete the following steps:
-
Open the Advanced Security Settings window (Figure 19).
-
Next to the name of the existing Owner, tap or click Change.
-
Provide the name of the user or group to whom ownership should be assigned.
-
When the owner information is changed, Windows asks whether you want
to Replace Owner On Subcontainers And Objects. If you want to take ownership
of every object beneath the selected item, select this check box. If
you want to change ownership of the selected item only, make sure the
check box is clear.
-
Tap or click the OK button.
Note
USE CAUTION WHEN TAKING OWNERSHIP OF A RESOURCE
Although changing ownership on user-created files and folders is
generally safe, be very careful when attempting to change or take
ownership of system files, including those in the Windows and Program
Files folders. File and folder ownership is a part of how Windows 8
determines which accounts are allowed to perform certain functions.
Changing ownership of system files can have unpredictable consequences
that might not always be positive.
Resolving permissions conflicts
If you’ve been reading carefully, you might have noticed that two sets of permissions are at play when you create a shared folder on a Windows 8–based computer and then access that shared folder over the network.
When you first access the share over the network, you’re subjected
to the share permissions. Then, each file and folder inside the share
has NTFS permissions that must be respected.
But what happens when there is a conflict? For example, what happens
when a user accesses a share that has read-only permissions but that
user has full control NTFS permissions to the data in the shared folder?
In the case of a conflict between share and NTFS permissions, the most restrictive permissions are respected.
In the preceding scenario, the access would be read-only when
connecting to that read-only share even though the user has full
control rights in NTFS.
