In Windows 2003/XP Pro that can be done in security policy [Local Security
Policy is via secpol.msc] for the security option for system objects:
default owner for objects created by administrators which you can change
from default to object creator. Windows 2000 does not have that security
option but for Windows 2003 that registry key is shown below and you may
want to try and manually configure it to see if it works for Windows 2000
though I have not tried it myself. Otherwise you will have to enable
auditing of object access and then audit the folders you want to track for
create files permission for folder and subfolders. This is far from a user
friendly process but the information can be obtained that way be parsing the
object access events in the security logs and Event Comb can greatly help by
allowing you to search for specific Event IDs and txt strings such as
filename and username. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640 ---
auditing of folders.
http://www.microsoft.com/technet/se...ndmonitoring/securitymonitoring/smpgch02.mspx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner:
0x00000000 --- administrators
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner:
0x00000001 ---object owner
