[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Restrict Take Ownership Right on Folders? NTFS Permission Question

Posted on 2011-04-22
Medium Priority
Last Modified: 2012-05-11
Is there a way to restrict the 'take ownership right' on folders to just one account? Please advise.
Question by:mmoya
  • 3
LVL 31

Accepted Solution

Justin Owens earned 2000 total points
ID: 35448479
Anyone with Admin rights to the server can perform this action.  The only way to restrict it is to remove Admin rights.


Expert Comment

ID: 35448488
If the data is that sensitive and the admins are not sufficiently trusted, then find a different place to hold the data or userights management, encryption, or some other means to protect the data.
You may remove the ability of members of the Administrators group to take
ownership, but it is all or none, not something you may selectively remove
for just the one folder. Anyway, removing that right would not prevent them
from getting at the data (consider the backup/restore route). Just a food for thought.  

I have included a link below to help you out.


LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 2000 total points
ID: 35448529

How would you go about limiting a server Administrator from taking ownership of a file?  I am not aware of such a restriction.  An alternative would be to encrypt that data if it is a sensitivity issue.


Author Comment

ID: 35448748
Thank you for your inputs.

What about restricting it via the group policy? Would the setting below work?

Computer Configuration\Security Settings\Local Policies\User Rights Assignment\

Take ownership of files or other objects -> to whatever account we wish to use?
LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 2000 total points
ID: 35449018
That will grant the users specified the right.  It will not remove the right from Administrators.


Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question