Q

Manage administrator rights in Windows Server 2003

Learn how to prevent users with administrator rights from deleting files in a Windows Server 2003 network.

We want to limit the current system administrator tasks. For example, we don't want users to be able to delete some files locally, even if that user has administrator's rights. Can Windows Server 2003 support this?
You can explicitly limit any administrator's rights to read, modify or delete files just by setting standard NTFS security. For example, you can set the DENY permission on a file or folder to the Administrator account or the Administrators group.

However, be aware that administrators will always have the ability to take ownership of a file or folder and modify

permissions as they see fit, thus granting themselves the privilege that was originally denied. (You can enable auditing on folders so at least this type of action will be recorded in the Security log.)

This was first published in February 2008

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close