Take ownership of files or other objectsID: oval:org.secpod.oval:def:36542 | Date: (C)2016-08-05 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This security setting determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads.
Caution
Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users.
Default: Administrators.
Counter Measure:
Ensure that only the local Administrators group has the Take ownership of files or other objects user right.
Potential Impact:
None. This is the default configuration.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Take ownership of files or other objects
(2) REG: ###
(3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeTakeOwnershipPrivilege' and precedence=1
Platform: |
Microsoft Windows 10 |