In the NTFS file system, the Owner is the person ultimately responsible for the permissions assigned to a file, usually the creator of the file. By default, the owner of a file has permission to modify the file's discretionary access control list (DACL) and can therefore grant users and groups permissions on it.
A file always has an owner. Ownership creates a trail of accountability for the file. The ownership of a file on an NTFS volume can be changed in two ways:
- The user who owns the file, or any user who has Full Control permission on the file, can grant the NTFS Take Ownership permission to another user, which allows that user to take ownership of the file by using the file's Security property sheet. Users can be allowed to take ownership of a file they do not own, but ownership cannot be assigned to them by other users (even the original owner or an administrator).
- Members of the Administrators group can always take ownership of any file by using the Security property sheet. When an administrator takes ownership of a file, the Administrators group becomes the owner of the file, not the individual administrator.
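One way to audit the two rules above on a directory tree, as an added example that is not part of the original entry: it reports each file's owner and every account whose Allow ACE includes the Take Ownership right. The function name `Get-OwnershipAudit` and the path `C:\Data\Shared` are hypothetical.

```powershell
# Added example: report file owners and the accounts whose DACL entries
# would let them take ownership. Function name and sample path are hypothetical.
function Get-OwnershipAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $takeOwnership = [System.Security.AccessControl.FileSystemRights]::TakeOwnership

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
            } catch {
                # Surface unreadable security descriptors instead of skipping them.
                return [pscustomobject]@{
                    Path = $file.FullName; Owner = '<unreadable>'
                    CanTakeOwnership = @(); Error = $_.Exception.Message
                }
            }

            # Allow ACEs whose rights include the Take Ownership bit.
            # Full Control contains that bit, so those ACEs match as well.
            $grantees = $acl.Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $takeOwnership) -eq $takeOwnership
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique

            [pscustomobject]@{
                Path             = $file.FullName
                Owner            = $acl.Owner
                CanTakeOwnership = @($grantees)
                Error            = $null
            }
        }
}

# Files whose owner is the Administrators group, which is what the owner
# becomes after an administrator takes ownership.
Get-OwnershipAudit -Path 'C:\Data\Shared' |
    Where-Object { $_.Owner -eq 'BUILTIN\Administrators' }
```

The `CanTakeOwnership` column reflects the DACL only; members of the Administrators group can take ownership whether or not they appear in it.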
In the Microsoft Windows 2000 operating system, objects in Active Directory also have owners. The user who creates an object in Active Directory becomes the object’s owner. The owner controls the permissions for the object and its attributes. Ownership of an object in Active Directory can be changed in ways similar to those for a file on an NTFS volume.