Take Ownership Special Permission

Posted on 2007-10-21
Last Modified: 2008-01-09
I granted the "Take Ownership" special permission to the user TestUser on TestDocument.doc.  When I go to the "Owner" tab on the Advanced Security Settings dialog form, however, TestUser was not listed as one of the potential object owners.  The only objects listed as potential owners were the local Administrators group and all users in the Administrators group.  Why didn't TestUser show up in the list?
Question by:jdana
    LVL 7

    Accepted Solution

    This is a security setting in your local policy.

    Open up Control Panel -> Administrative Tools -> Local Security Policy
    Under Local Policies->User rights assignment, you should find an entry named 'Take ownership of files or other objects'. Add TestUser into the entry and TestUser will show up in the Take Ownership tab you mentioned.

    Note: May require reboot to take effect.
    LVL 15

    Assisted Solution

    Hello jdana,

    As per
    Deny acl's take precedence over allow.
    So if Testuser was a member of the users group, even though the user has take ownership privilidge is the users group is listed in the security settings and it has a deny for take ownership then TestUser will not have that ability.

    jax79sg's option grants abit more access than just access to one file.
    "But what about SeTakeOwnershipPrivilege? That privilege is assigned to administrators, and it lets you act as if you had WRITE_OWNER access (but not SeRestorePrivilege) to everything. With SeTakeOwnershipPrivilege, you can take ownership of any file, but you can't assign it to somebody else."

    LVL 25

    Assisted Solution

    by:Ron M
    you might have to reboot, or at least logoff then back on as testuser for it to show you the option...
    also there cannot be any deny permissions on any group that testuser is a member...  deny overrides allow.

    Security policies are applied at logon in this order....   domain > ou > local

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now