This is what I did on my Windows 2008r2
Logged in as Administrator (UAC is disabled for a test sake)
Select a folder
Edit Advanced Permissions
Uncheck"Include inheritable permissions" and click on Remove button to remove inheritable permissions
Got a message "No one will be able to access the folder except for the owner". At this point I thought that Administrator should still have access and "no one" doesn't apply to me :)
After answering OK, I lost all control over the permissions window and got "Access denied" message. The only option was to take ownership and put back Administrator with Full Control.
Is there a Linux root equivalent in Windows that can have access to a file without granting full control?
If not, is the only option to administrate files in Windows is to give Administrator Full Control to ALL files (I'm excluding the take ownership option as not practical)?
Answer
Is there a Linux root equivalent in Windows that can have access to a file without granting full control?
No. Unless your Administrator user has permissions to perform an action on a file (either explicitly, or through group membership), he will not be able to perform the action on the file.
The exception, which you have noted, is file/folder ownership. An administrative user will always be able to take ownership of a file, and change permissions that way.
If not, is the only option to administrate files in Windows is to give Administrator Full Control to ALL files (I'm excluding the take ownership option as not practical)?
It's not especially clear what you mean by this, but in general, if you want a user to administer a file or folder, yeah, they need to have the filesystem permissions to do so.
No comments:
Post a Comment