2-11: Preventing Users from Changing Permissions on Their Own Files

Solution overview

Type of solution


Features and tools

The Owner Rights identity

Solution summary

New to Windows Server 2008, the Owner Rights identity enables administrators to prevent object owners from changing the permissions of objects.


Decreased help desk calls, and reduced exposure to denial of service on file servers


For as long as I can remember, Windows administrators have fought a battle to prevent users from changing permissions on their own files or folders. When a user creates a file on a Windows system, the user becomes the owner of the object. An object's owner has a built-in right to modify the security descriptor of the object. The idea behind ...

Get Windows® Administration Resource Kit: Productivity Solutions for IT Professionals now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.