2-11: Preventing Users from Changing Permissions on Their Own Files
Type of solution
Features and tools
The Owner Rights identity
New to Windows Server 2008, the Owner Rights identity enables administrators to prevent object owners from changing the permissions of objects.
Decreased help desk calls, and reduced exposure to denial of service on file servers
For as long as I can remember, Windows administrators have fought a battle to prevent users from changing permissions on their own files or folders. When a user creates a file on a Windows system, the user becomes the owner of the object. An object's owner has a built-in right to modify the security descriptor of the object. The idea behind ...