Taking Ownership of a File or Folder

Each file or folder on an NTFS volume has an owner, who is the person who controls permissions on the object and can assign permissions to others. The person who creates a new file is its initial owner.

To find out who owns a file or folder:

1. Right-click the file or folder in Windows Explorer and choose Properties.
2. Click the Security tab and click Advanced.
3. Click the Owner tab to open a dialog box similar to the one shown in Figure 28-4. The Current Owner Of This Item box at the top of the dialog box shows the current owner.

It is sometimes necessary to take ownership of a file or a folder. For example, if a user who owns a file will no longer be responsible for its maintenance, a system administrator can take ownership of the file and then allow another user to take ownership, or another user can take ownership of the file directly.

Figure 28-4. The Owner tab shows the current owner and those who can take ownership.

To take ownership of a file or folder, you must have Take Ownership permission for the file or folder. (Take Ownership is one of the permissions included in Full Control permission.) To obtain Take Ownership permission, the current owner, another user with Full Control permission, or a member of the Administrators group must give your account Full Control permission.

To take ownership of a file or folder:

1. Display the Owner tab in the Access Control Settings dialog box, shown in Figure 28-4.
2. Select a name in the Change Owner To list, which includes your account name and the names of any groups to which you belong that have Take Ownership permission.
3. If you're taking ownership of a folder and you also want to take ownership of the folder's contents, select Replace Owner On Subcontainers And Objects.

Remember that a file can have only one owner. If you take ownership of a file, you take the ownership away from another user. However, it is also possible for a group to own a file. In that case, all members of the group have creator/owner access to the file.

Remember that the user who creates a file or folder is the owner of that file or folder (until ownership is taken by someone else). Although every member of the Administrators group has the power to take ownership of the file or folder, the owner always has the final say on who has access to the file.

A User's View of Security

We've discussed the different features that are available to system administrators and file owners for setting file permissions. But how are everyday system users affected by security?

When a user attempts to perform an operation on a secured file, Windows checks the file's access control list. If the ACL allows access, the user's request is granted. However, if the user doesn't have access privileges to the file, the request is denied. The exact error message the user gets depends on which application is running, and what the user is trying to do. For example, an attempt to delete a protected file in Windows Explorer results in a dialog box message similar to the one shown below.

Don't be misled by the "source file may be in use," "disk is full," and other red-herring messages. The key here is "Access is denied."