locked
Win Server Partition Permissions RRS feed

  • Question

  • Dear

    am trying to lock a windows server 2008 r2 partition to only one domain admin
    so it is accessible and shared to one domain admin even the administrator cannot change the permission or the owner of the partition

    Thursday, April 23, 2015 11:07 AM

Answers

  • Hi,

    lock a windows server 2008 r2 partition to only one domain admin
    so it is accessible and shared to one domain admin even the administrator cannot change the permission or the owner of the partition

    This goal cannot be achieved, since members of domain admins group have full control over the domain, even if they get denied from something, they can grant themselves access permissions back.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Monday, April 27, 2015 1:40 AM
    • Marked as answer by Amy Wang_ Sunday, May 10, 2015 1:10 PM
    Friday, April 24, 2015 1:40 AM
  • If you mean access to shared directory, then deny may be effective. However there is a return path with take ownership.

    I am afraid that you are on wrong track. Use user account with special rights.

    If you reveal your intentions more closelysomeone may suggest optimal solution.

    M.

    • Proposed as answer by Amy Wang_ Monday, April 27, 2015 1:40 AM
    • Marked as answer by Amy Wang_ Sunday, May 10, 2015 1:10 PM
    Saturday, April 25, 2015 5:46 AM

All replies

  • Hi,

    lock a windows server 2008 r2 partition to only one domain admin
    so it is accessible and shared to one domain admin even the administrator cannot change the permission or the owner of the partition

    This goal cannot be achieved, since members of domain admins group have full control over the domain, even if they get denied from something, they can grant themselves access permissions back.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Monday, April 27, 2015 1:40 AM
    • Marked as answer by Amy Wang_ Sunday, May 10, 2015 1:10 PM
    Friday, April 24, 2015 1:40 AM
  • Thanks for the reply

    can i lock it using Bitlocker Drive Encryption tool or any other encryption tool so that only one admin can access the partion but also keep it shared

    Saturday, April 25, 2015 5:11 AM
  • If you mean access to shared directory, then deny may be effective. However there is a return path with take ownership.

    I am afraid that you are on wrong track. Use user account with special rights.

    If you reveal your intentions more closelysomeone may suggest optimal solution.

    M.

    • Proposed as answer by Amy Wang_ Monday, April 27, 2015 1:40 AM
    • Marked as answer by Amy Wang_ Sunday, May 10, 2015 1:10 PM
    Saturday, April 25, 2015 5:46 AM