Who should be the owner of newly created files when the creator is in the local Administrators group
realrichardsharpe at gmail.com
Sat Apr 28 22:52:00 MDT 2012
When users who are members of the local Administrators group
access objects on Windows Server 2003, the Default Owner field in the
user’s access token contains the SID for the Administrators group, not
the SID for the user. A similar rule applies to users who access
objects in Active Directory. If the user is a member of the Domain
Admins group, the Default Owner field in the user’s access token
contains the SID for the Domain Admins group. In both cases, objects
that the user creates or takes ownership of are owned by the group,
not by the individual user."
This suggests that we currently do the wrong thing, I think, when we
create a file and the creator is in the local Administrators group.
More information about the samba-technical