Using an Admin user account on Windows Server 2019, I am trying to change NTFS permissions for a user account on %ProgramFiles%, %ProgramFiles(x86)%, and %WinDir%, but I get an access denied error since the folders are owned by TrustedInstaller.
- I've tried both basic and advanced permissions dialog, and if I use advanced dialog to change permissions on
C:, it fails on those three folders when propagating the changes to sub items - I assume it may be possible to change ownership on the folders, but I also assume that doing so would not be a good idea
Why does this happen and is there a way to avoid it?
- What I'm trying to achieve is to sandbox a user account, denying execute permission for all apps, except for two that will be used with a single automated purpose - one of which is located in a subfolder of
%ProgramFiles%, the other on a separate drive.