Have you ever created an NTFS object, such as a file or folder, and then viewed that object's properties only to find the ownership is set to an Administrators group account and not your own individual account? This happens by default in circumstances when an administrator's personal user account has been added to the Administrators group account.
Microsoft created this default action on the assumption that administrative accounts are used only to administer the system and not for any individual purpose. However, you can reverse this behavior so your account is set as the default owner.
Why would you want to do that? Let's say, for some reason, you've added your personal account to either the local Administrators group or Active Directory Domain Administrators group. Further on down the road, you need to track the ownership of NTFS objects, like files or folders, in order to check disk quotas or verify security settings. If you leave the default object security options, the objects you have created will not be tied to your personal account. They will fall under the ownership of the administrators.
These six steps will change that behavior on a single system:
- Click Start, and then click Control Panel.
- In Control Panel, click Performance and Maintenance.
- Click Administrative Tools, and then double-click Local Security Policy.
- In the left pane of the Local Security Settings console, expand Local Policies, and then click Security Options.
- In the right pane of the Local Security Settings console, double-click System objects: Default owner for objects created by members of the Administrators group.
- Change the default from Administrators group to Object creator.
Note: If you are in an Active Directory domain, just go to the Group Policy Object you wish to modify and navigate to the same "Security Options --> System Objects" section.
More Windows systems management resources
About the Author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment. He is also an independent consultant who specializes in the design, implementation and management of Windows networks.