Taking Ownership Remotely May Set Owner Incorrectly (183054)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0 Terminal Server Edition
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server, Enterprise Edition 4.0
This article was previously published under Q183054

SYMPTOMS

When you take ownership of a file or directory remotely, it is possible that the new owner of the object may not be the user that you would expect it to be. To illustrate the issue, consider the following scenario:

You have two domains, DOMAINA and DOMAINB. There is no trust relationship between them. You log on interactively to a Windows NT client in DOMAINA as a regular domain user, for example, DOMAINA\Fred. You then connect to a shared folder on a server in DOMAINB, using the DOMAINB\Administrator credentials. At the client, take ownership of a shared file or folder on the computer in DOMAINB.

When you check ownership of the file at the remote server, you see that the owner is recorded as DOMAINA\Fred. Note that, in order to reproduce this behavior, you must know the administrator account name and password for DOMAINB.

-or-

If the user attempting to take ownership of the file or folder is a member of the local administrator's group, you will receive the following error:

The following error occurred applying security information to
\\server\share\directory. This security ID may not be assigned as the
owner of this object. Do you wish to continue.

CAUSE

The client computer does not look up the user name that was used to connect to the remote system. This behavior is inconsistent with file creation; for example, when you create a file on a remote system having connected in the manner described above, ownership of the file is set to the account with whose credentials you connected.

Note that this inconsistency is only made possible by the fact that, by default, administrators have the Restore Files and Directories (SE_RESTORE_NAME) privilege. Having this privilege allows a process to set the ownership of the file or folder in this way.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack


Alternatively, if the user was a member of the local administrators group, remove him from the local admin group or obtain the above hotfix.

STATUS

Microsoft has confirmed that this is a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.
Modification Type:MinorLast Reviewed:9/23/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix kbQFE KB183054
©2004 Microsoft Corporation. All rights reserved.