• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 770
  • Last Modified:

Take Ownership Special Permission

I granted the "Take Ownership" special permission to the user TestUser on TestDocument.doc.  When I go to the "Owner" tab on the Advanced Security Settings dialog form, however, TestUser was not listed as one of the potential object owners.  The only objects listed as potential owners were the local Administrators group and all users in the Administrators group.  Why didn't TestUser show up in the list?
0
jdana
Asked:
jdana
3 Solutions
 
jax79sgCommented:
This is a security setting in your local policy.

Open up Control Panel -> Administrative Tools -> Local Security Policy
Under Local Policies->User rights assignment, you should find an entry named 'Take ownership of files or other objects'. Add TestUser into the entry and TestUser will show up in the Take Ownership tab you mentioned.

Note: May require reboot to take effect.
0
 
qz8dswCommented:
Hello jdana,

As per http://technet2.microsoft.com/windowsserver/en/library/d19deba6-0260-4064-8dee-b2918d10edfb1033.mspx?mfr=true
Deny acl's take precedence over allow.
So if Testuser was a member of the users group, even though the user has take ownership privilidge is the users group is listed in the security settings and it has a deny for take ownership then TestUser will not have that ability.

jax79sg's option grants abit more access than just access to one file.
http://blogs.msdn.com/oldnewthing/archive/2005/08/18/453054.aspx
"But what about SeTakeOwnershipPrivilege? That privilege is assigned to administrators, and it lets you act as if you had WRITE_OWNER access (but not SeRestorePrivilege) to everything. With SeTakeOwnershipPrivilege, you can take ownership of any file, but you can't assign it to somebody else."

Cheers,
Terry
0
 
Ron MalmsteadInformation Services ManagerCommented:
you might have to reboot, or at least logoff then back on as testuser for it to show you the option...
also there cannot be any deny permissions on any group that testuser is a member...  deny overrides allow.

Security policies are applied at logon in this order....   domain > ou > local
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now