Check or Attack Name: Take Ownership Privilege

A user has been detected with Take Ownership of Files or Other Objects privileges. This right is normally only granted to Administrators.

Verify user rights in User Manager.

To audit and revoke this privilege, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
3. From the Right list, select Take ownership of files or other objects.
4. Verify this right is set in accordance with your security policy.
5. To remove a user, select the user and click Remove.

Microsoft Knowledge Base Article Q170834, Take Ownership Remotely Does Not Log Security Event, http://support.microsoft.com/support/kb/articles/q170/8/34.asp

Microsoft Knowledge Base Article Q186374, Enable Auditing of Microsoft Windows NT Server Password Registry, http://support.microsoft.com/support/kb/articles/q186/3/74.asp