troubleshooting Question

how do I prevent NTFS "change permissions" from being granted to the owner of files on Windows 2012 shared folder?

Avatar of Intelli-Seeker
Intelli-SeekerFlag for United States of America asked on
* NTFS* permissionWindows Server 2012* Fileshares
3 Comments1 Solution98 ViewsLast Modified:
I'm trying to build a share where users can create and manage their own files, but not those belonging to others.  
Steps I've taken:
  1. I create the folder 'sharename', remove all inheritance
  2. add domain and local admins with "full Control" access.
  3. add "Creator/Owner" with all advanced permissions except "full Control", "Change permissions", and "Take ownership"
  4. add Authenticated Users with "Traverse folder/execute file", "List folder/read data", "Read attributes", "Create Files/write Data", and "Read permissions"
 
So here's the issue:  When USER_A creates a file on the share, their user ID becomes the owner of the file, and they should get all of the permissions granted to the owner as noted above, but what happens is that they get those, but in addition they also get the "change permissions" access.

Where does that "change permissions" access come from, and how can I prevent the user from getting it when they create a file?
ASKER CERTIFIED SOLUTION
Robert Retzer
Computer Service Technician

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros