"Marcin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> the owner's SID is part of the file's Security Descriptor - to eliminate
it,
> you would need to transfer ownership to another account. Is this an
option?
> If not, have you considered other means of securing file content, such as
> share level permissions (obviously this applies strictly to remote, rather
> than local, access), password protection (depending on file type), rights
> management, etc.
All understood, but it's a lot of extra hassle. The more reasonable way to
implement this feature would have been for "Change Permission" to only be
given implicitly when the owner is a member of Administrators group. To
give "Change Permission" implicitly when the owner is a common user is very
problematic. It means in effect than an ordinary user can completely undo
the file system permissions on a shared file and customize them to his or
her preferences, without any notification or consent by an administrator.
--
Will
> "Will" <westes-(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ...
> > If a user creates a file and is its owner, is there any way to stop the
> > user from obtaining the "Change Permissions" effective permission on
that
> > file?
> >
> > Assume that the ACL for the folder where the file is created does NOT
give
> > the user "Change Permissions" directly or implicitly.
> >
> > --
> > Will
> >
> >
>
>
|
Similar Threads
Linear Mode
