Change in default value of Restrictchown on Windows 2008 R2

Users accessing NFS shares from a Windows Server 2008 R2 based NFS server may get the error “Permission Denied” while trying to run the ‘chown’ command from UNIX NFS clients. This can happen even though the user is the owner of the files. The UNIX "root" user does not exhibit these issues.

This behavior is caused due to the change in default value of the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerForNfs\CurrentVersion\Exports\RestrictChown" registry key for Server for NFS component in Windows Server 2008 R2. This change was introduced with Windows 2008 R2 and was different with respect to the default Windows behavior. 

This change was introduced due to the following considerations:

  1. It heightens the default security by preventing change of ownership where root user is not involved.
  2. A number of UNIX implementations exhibit the same behavior where change of ownership by normal users is not permitted by default.

o change this behavior, change the value of the following registry key to 0 and restart Server for NFS:


In a failover cluster environment, run the following command to set this value:

cluster resource <NFS-Resource> /privproperties RestrictChown=0

On Windows Server 2008 and earlier, you can change the value of this registry key to 1 to change the chown behavior to match that of Windows Server 2008 R2.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2708985 - Last Review: 05/02/2012 14:33:00 - Revision: 1.0

Windows Server 2008 R2 Enterprise

  • KB2708985