I have a Windows 10 machine that is not connected to a domain, and I have multiple local users. In order to free up space on my primary drive, I decided to move their Documents libraries to a second drive. To do this, I created a new directory (e.g. "I:\users\UserA"
) and set the Documents location to this new location.
I have a few questions regarding the ownership and permissions of these directories and files:
- Who should be the owner of
"I:\users"
? - Who should be the owner of
"I:\users\UserA"
? - What should the permissions of the files in
"I:\users\UserA"
be?
Thank you in advance for any help you can provide!
3 Answers
As a system administrator, it’s important to ensure that the correct ownership and permissions are set for the Users folder and individual user folders on a Windows system. The Users folder, which contains user profiles and settings, should be owned by the built-in Windows account called NT AUTHORITY\SYSTEM
. This ensures that the system has full control over the folder and its contents.
In addition, each individual user folder should also be owned by the SYSTEM
account, but with the user themselves given “full access” permissions. This means that the user can read, write, and modify files in their own folder as needed. These permissions should be set to inherit from the parent folder, so that any files created or moved into the user’s folder will also have these permissions.
For example, if UserA
has a folder at I:\users\UserA
, the permissions for that folder should be set to give UserA
full access, while the ownership should be set to SYSTEM
. This ensures that UserA
can work with their files as needed, but that the system still has overall control over the folder and its contents.