Change in default value of Restrictchown on Windows 2008 R2


Users accessing NFS shares from a Windows Server 2008 R2 based NFS server may get the error “Permission Denied” while trying to run the ‘chown’ command from UNIX NFS clients. This can happen even though the user is the owner of the files. The UNIX "root" user does not exhibit these issues.

More Information

This behavior is caused due to the change in default value of the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerForNfs\CurrentVersion\Exports\RestrictChown" registry key for Server for NFS component in Windows Server 2008 R2. This change was introduced with Windows 2008 R2 and was different with respect to the default Windows behavior. 

This change was introduced due to the following considerations:

  1. It heightens the default security by preventing change of ownership where root user is not involved.
  2. A number of UNIX implementations exhibit the same behavior where change of ownership by normal users is not permitted by default.

o change this behavior, change the value of the following registry key to 0 and restart Server for NFS:


In a failover cluster environment, run the following command to set this value:

cluster resource <NFS-Resource> /privproperties RestrictChown=0

On Windows Server 2008 and earlier, you can change the value of this registry key to 1 to change the chown behavior to match that of Windows Server 2008 R2.

文章識別碼:2708985 - 最後檢閱時間:2012年5月2日 - 修訂: 1