Details
This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.
The recommended state for this setting is: Administrators.
Note: This user right is considered a ‘sensitive privilege’ for the purposes of auditing.
Rationale:
Any users with the Take ownership of files or other objects user right can take control of any object, regardless of the permissions on that object, and then make any changes they wish to that object. Such changes could result in exposure of data, corruption of data, or a DoS condition.
Impact:
None – this is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to Administrators:
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentTake ownership of files or other objects
Default Value:
Administrators.
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-225093
Rule ID: SV-225093r569186_rule
STIG ID: WN16-UR-000310
Severity: CAT II
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Media Protection.This control applies to the following type of system Windows.