How to reverse NTFS object ownership from administrators to object's creator -- and why

When an admin adds their personal user account to the Administrators group and then creates an NTFS object, Windows sets the object's owner to the administrators and not to its creator's account. By completing these six simple steps, admins can return the object to its true owner.

More Windows systems management resources

Have your files and folders list your account as the object's owner.

Visit our Windows systems management and administration tools topical resource center.

Have you ever created an NTFS object, such as a file or folder, and then viewed that object's properties only to find the ownership is set to an Administrators group account and not your own individual account? This happens by default in circumstances when an administrator's personal user account has been added to the Administrators group account.

Microsoft created this default action on the assumption that administrative accounts are used only to administer the system and not for any individual purpose. However, you can reverse this behavior so your account is set as the default owner.

Why would you want to do that? Let's say, for some reason, you've added your personal account to either the local Administrators group or Active Directory Domain Administrators group. Further on down the road, you need to track the ownership of NTFS objects, like files or folders, in order to check disk quotas or verify security settings. If you leave the default object security options, the objects you have created will not be tied to your personal account. They will fall under the ownership of the administrators.

These six steps will change that behavior on a single system:

  1. Click Start, and then click Control Panel.

  2. In Control Panel, click Performance and Maintenance.

  3. Click Administrative Tools, and then double-click Local Security Policy.

  4. In the left pane of the Local Security Settings console, expand Local Policies, and then click Security Options.

  5. In the right pane of the Local Security Settings console, double-click System objects: Default owner for objects created by members of the Administrators group.

  6. Change the default from Administrators group to Object creator.

Note: If you are in an Active Directory domain, just go to the Group Policy Object you wish to modify and navigate to the same "Security Options --> System Objects" section.

About the Author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment. He is also an independent consultant who specializes in the design, implementation and management of Windows networks.

This was first published in September 2007

Dig deeper on Windows File Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close