File Auditing and Ownership

File and folder auditing and the concept of file ownership still also exist when (and only when) we use the NTFS file system. This is important to consider, especially because you may have trouble finding where things get set up in Windows 2000. To begin, ownership and auditing settings are found behind the Advanced button on the security tab of the properties of a file or folder on an NTFS volume.

Audit settings for a particular file or folder are controlled from the Auditing tab of that resource. This only controls what elements of this resource you wish to audit, similar to NT 4. Auditing, however, is not enabled by default of a Windows 2000 Professional system, so if you wish to audit files and folders, you must first create an Audit Policy. In W2K Pro, this is now done via the Local Security Settings console (which can also be accessed from within the Group Policy tool).

The concept of ownership remains very similar to that of Windows NT 4. It is now controlled from the Owner tab of the advanced security settings of a file or folder. Simply, the person who creates a file is the owner, and can always change permissions on that file. However, anyone with Full Control or the advanced permission Take Ownership can take ownership of a file or folder. The exception to this rule is a person with administrator-level privileges, who can always take ownership, even if they have no NTFS permissions to a file or folder. Ownership can still only be taken and not given.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.