Archived from groups: microsoft.public.win2000.group_policy (
More info?)
I have tested and there is NO policy at all that can restrict an individual
with administrative rights on a computer from taking ownership; however, we
can set file permissions on the folder through group policy, but the
individual could still take ownership, change permissions, then, at group
policy refresh, the file settings are changed back, but the file changes
would have already taken place.
I agree that they should be trusted or not be administrators, and this is
the only policy I support, and will continue to do so.
These admins are file server admins, but some of them are not knowledgeable
regarding DFS and the replication consequences of introducing too many files
tp the DFS system.
Thanks again for the responses and thoughts.
--
MCSE: Security, CCNA, A+, Network +, Security+
"Ken B" wrote:
> If the issue is of trusting the administrators on a domain to not 'abuse' or
> 'misuse' their 'power', then perhaps they should not be administrators?
>
> Ken
>
> "Denis Wong @ Hong Kong" <H_O_T_A_P_P_S_@_H_O_T_M_A_I_L_._C_O_M> wrote in
> message news:umAww01hFHA.1788@TK2MSFTNGP12.phx.gbl...
> > Hi,
> >
> > Pls point out exactly which policy that stops administrators from taking
> > ownership which I am not aware of.
> >
> > If administrators cannot take ownership, then you might end up with files
> > that no one can access.
> >
> > br,
> > Denis
> >
> > "wosully" <wosully@discussions.microsoft.com> wrote in message
> > news:056CDE2A-9EE2-47D0-A527-30F4D17E894C@microsoft.com...
> >> Wouldn't group policy be able to stop a group from taking ownership
> > through
> >> the File System permissions setting, under Widows settings, security
> >> settings? It looks like it could, but I don't know if it woould work
> >> with
> >> DFS and if admins really could take ownership then.
> >>
> >> --
> >> MCSE: Security, CCNA, A+, Network +, Security+
> >>
> >>
> >> "Denis Wong @ Hong Kong" wrote:
> >>
> >> > Hi wosully,
> >> >
> >> > AFAIK, no.
> >> >
> >> > Administrator can always take ownership.
> >> >
> >> > br,
> >> > Denis
> >> >
> >> > "wosully" <wosully@discussions.microsoft.com> wrote in message
> >> > news:543571E6-3366-4A36-B9B3-83A4F1F0A8FD@microsoft.com...
> >> > > Hi All,
> >> > >
> >> > > Is it possible to use group policy to secure distributed file system
> >> > shares
> >> > > on member servers, so that administrators of those servers can only
> > read
> >> > the
> >> > > DFS shares, not take ownership of the files or write to them, thus
> >> > affecting
> >> > > replication throughout the organization?
> >> > >
> >> > > Any comments about this or expierences would be appreciated, and I'll
> > buy
> >> > > you a Starbucks.
> >> > > --
> >> > > MCSE: Security, CCNA, A+, Network +, Security+
> >> >
> >> >
> >> >
> >
> >
>
>
>
Facebook
Twitter
Instagram