Manage Learn to apply best practices and optimize your operations.

Manage administrator rights in Windows Server 2003

Learn how to prevent users with administrator rights from deleting files in a Windows Server 2003 network.

We want to limit the current system administrator tasks. For example, we don't want users to be able to delete some files locally, even if that user has administrator's rights. Can Windows Server 2003 support this?
You can explicitly limit any administrator's rights to read, modify or delete files just by setting standard NTFS security. For example, you can set the DENY permission on a file or folder to the Administrator account or the Administrators group.

However, be aware that administrators will always have the ability to take ownership of a file or folder and modify permissions as they see fit, thus granting themselves the privilege that was originally denied. (You can enable auditing on folders so at least this type of action will be recorded in the Security log.)

Dig Deeper on Windows Server troubleshooting

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.