Manage Learn to apply best practices and optimize your operations.

Manage administrator rights in Windows Server 2003

Learn how to prevent users with administrator rights from deleting files in a Windows Server 2003 network.

We want to limit the current system administrator tasks. For example, we don't want users to be able to delete some files locally, even if that user has administrator's rights. Can Windows Server 2003 support this?
You can explicitly limit any administrator's rights to read, modify or delete files just by setting standard NTFS security. For example, you can set the DENY permission on a file or folder to the Administrator account or the Administrators group.

However, be aware that administrators will always have the ability to take ownership of a file or folder and modify...

permissions as they see fit, thus granting themselves the privilege that was originally denied. (You can enable auditing on folders so at least this type of action will be recorded in the Security log.)

This was last published in February 2008

Dig Deeper on Windows Server and Network Security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.