Fixing Ownership on files uploaded by FTP
I have a Windows Server 2008 32-bit with SP2 that we use to scan files before they are sent out to a customer. I have installed the FTP 7.5 for IIS 7.0 onto the server and configured a directory to require basic authentication. On our previous IIS 6.0 Server 2003 box, this would let us upload files and the owner would be assigned to whoever logged into our FTP server. The new setup isn't working; it sets everyone to administrator.

We found a Server 2003 GPO that doesn't seem to exist anymore in Server 2008:

Policy: System objects: Default owner for objects created by members of the Administrators group
Setting: Object creator

Our GPO expert created a script that she hoped would resolve this, but I'm still running into issues. Can I get a little help on this?
June 24th, 2010 8:43pm

By default (out of the box, no GPO policy changes) the following rules are in place for all new file and folder creation.

1) If the user is a member of the Administrators group, then the Administrators group is assigned as the owner.
2) If the user is NOT a member of the Administrators group, then they (the object creator) are assigned as the owner.

It seems that, given this, the obvious answer is that the USER creating the file is a member of the Administrators group... or the default policy that applies to #2 has been changed.

The policy setting "System objects: Default owner for objects created by members of the Administrators group" corresponds to #1 above, but has been changed from the default setting. Since this was set on your OLD 2003 server, it seems the user uploading the file may have been a Local Administrator and you used this policy to override the default behavior of Windows.

I would verify that the users are not local administrators, then grant them the appropriate permissions to create files. That should fix the issue.
June 24th, 2010 10:12pm

That makes sense why I'm not working then, because I am an admin on this box. Is there a way that I can circumvent this issue, so that I can upload files and have them set as though I created them?
June 24th, 2010 10:36pm

Use a different account to upload files; check for that user and not your user.
June 24th, 2010 10:48pm

In addition to Gunner’s explanation:

Excerpt from: How Owners Are Assigned and Changed
http://technet.microsoft.com/en-us/library/cc961992.aspx

By default, a new object's owner is the security principal identified as the default owner in the access token attached to the creating process. When an object is created, the SID stored in the access token's Owner field is copied to the security descriptor's Owner field. The default owner is normally an individual—the user who is currently logged on.

The only exceptions occur when the user is a member of either the Administrators group or the Domain Admins group. In both cases, the Owner field in the user's access token contains the SID for the group, not the SID for the individual user account. The assumption is that administrative accounts are used only to administer the system and not for any individual purpose. As a result, objects created by one administrator can be managed by other administrators in the same group.

Thanks.
June 28th, 2010 12:49pm
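
A way to check both conditions discussed in this thread (whether the upload account is in the local Administrators group, and which uploaded files ended up owned by that group). This is an added example, not part of any poster's reply; the path in $UploadRoot and the account name in $FtpAccount are hypothetical placeholders.

```powershell
# Added example, not from the thread. The path and account name below are
# hypothetical placeholders; substitute your own FTP root and upload account.
$UploadRoot = 'C:\inetpub\ftproot\outgoing'
$FtpAccount = 'ftpupload'

# BUILTIN\Administrators has the well-known SID S-1-5-32-544 on every system.
$adminsSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$adminsName = $adminsSid.Translate([System.Security.Principal.NTAccount]).Value
$groupName  = $adminsName.Split('\')[1]   # localized name of the group

# 1. Is the upload account a direct member of the local Administrators group?
#    (Membership through nested domain groups is not expanded here.)
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}
if ($members -contains $FtpAccount) {
    Write-Warning "$FtpAccount is in $adminsName; by default its uploads are owned by the group."
} else {
    Write-Output "$FtpAccount is not a direct member of $adminsName."
}

# 2. Report the owner of every uploaded item and flag the ones owned by the
#    Administrators group instead of an individual account.
Get-ChildItem -Path $UploadRoot -Recurse | ForEach-Object {
    $acl      = Get-Acl -Path $_.FullName
    $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
    New-Object PSObject -Property @{
        Path          = $_.FullName
        Owner         = $acl.Owner
        OwnedByAdmins = $ownerSid.Equals($adminsSid)
    }
} | Sort-Object OwnedByAdmins -Descending |
    Format-Table Path, Owner, OwnedByAdmins -AutoSize
```

Comparing owner SIDs rather than names keeps the check correct on systems where the Administrators group has a localized name.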
