On an NTFS volume, every object (file or folder) has an owner. By default, the owner is supposed to be the user account that created the object. When the object is created, the system looks into the access token of the user creating it, finds the SID stored in the token's Owner field, then places that value into the new object's ownership field.
However, there is an exception to the rule. If the account used to create the object is a member of the Administrators group or Domain Administrators group, the Owner field in that user's token contains the SID for the group, not the SID for the individual user account. As such, any object created by that admin account will have its ownership field filled in with the admin group, not the user's account. Nice, huh?
According to Microsoft, "The assumption is that administrative accounts are used only to administer the system and not for any individual purpose. As a result, objects created by one administrator can be managed by other administrators in the same group."
If you need to have your account set as the object's owner, you have three options:
- Take ownership of the file after it has been created.
- Remove your account from the Domain Administrators or Administrators groups.
- Use a script or third-party product to change the owner on your files.
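As an illustration of the script option, the following PowerShell is an added example, not code from the original article. It compares the token's Owner SID with the user's own SID, then re-owns files that were stamped with an administrators group. The `$Root` path and the `-Apply` switch are assumptions made for the example, and it expects an elevated session.

```powershell
# Added example (not from the original article).
# Assumptions: $Root is a hypothetical folder; run from an elevated session.
param(
    [string]$Root = 'C:\Data\MyFiles',  # hypothetical path to repair
    [switch]$Apply                      # without -Apply, only report what would change
)

$identity   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$userSid    = $identity.User    # SID of the individual account
$tokenOwner = $identity.Owner   # SID the token places on newly created objects

# Show the behaviour the article describes: token owner differs from the user.
if (-not $tokenOwner.Equals($userSid)) {
    $ownerName = $tokenOwner.Translate([System.Security.Principal.NTAccount])
    Write-Host "New objects will be owned by $ownerName, not $($identity.Name)"
}

$adminGroups = @(
    [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid,
    [System.Security.Principal.WellKnownSidType]::AccountDomainAdminsSid
)

Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
    $acl      = Get-Acl -LiteralPath $_.FullName
    $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])

    # Only touch objects whose owner is one of the administrators groups.
    $isAdminOwned = $false
    foreach ($kind in $adminGroups) {
        if ($ownerSid.IsWellKnown($kind)) { $isAdminOwned = $true }
    }
    if (-not $isAdminOwned) { return }

    if ($Apply) {
        $acl.SetOwner($userSid)
        Set-Acl -LiteralPath $_.FullName -AclObject $acl
        Write-Host "Re-owned: $($_.FullName)"
    } else {
        Write-Host "Would re-own: $($_.FullName)"
    }
}
```

Run it once without `-Apply` to review the list of affected files before changing any owners.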
About the author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment, as well as an independent consultant who specializes in the design, implementation and management of Windows networks.