TrueNAS SMB taking ownership does not seem to work on inaccessible files with 'Administrators Group' setting

Hello all!

I upgraded my TrueNAS CE installation from 25.04 to 25.10.1. I am using it to provide a few SMB shares to access from Windows machines, all of which live in an Active Directory environment. The TN is also domain joined.

In the SMB service settings, I have specified the “Administrators Group” option to be the domain admins group. I want to use this feature to have control over all files hosted in the shares, regardless of what NTFS permissions were set on any files within the share. I prefer to manage NTFS permissions via the Windows Explorer dialogue and not via TN Shell.

To test this setting, I have created a file (test.txt) on the share and only granted permission to one domain user, who is not a domain administrator. Then, I tried to reclaim ownership using a domain admin account, but this does not work:

PS C:\> takeown /f \\<tn_fqdn>\<somefolder>\test.txt
ERROR: Access is denied.

If I try to recursively take ownership of <somefolder>, it also only outputs a message for that folder, but not the files within:

PS C:\> takeown /r /d y /f \\<tn_hostname>\<somefolder>

SUCCESS: The file (or folder): "\\<tn_hostname>\<somefolder>" now owned by user "CONTOSO\Administrator".

The SeTakeOwnershipPrivilege privilege was granted within the PS instance (before running the prior commands):

PS C:\> whoami
contoso\administrator

PS C:\> whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State
=============================== ========================================= =======
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Enabled

On the TN server, I see that my specified group was automatically added to BUILTIN\Administrators, which appears to have also been granted automatically the SeTakeOwnershipPrivilege privilege:

root@tn:~# net sam listmem 'BUILTIN\Administrators'
BUILTIN\Administrators has 2 members
 CONTOSO\Domain Admins
 TN\builtin_administrators

root@tn:~# net sam rights list SeTakeOwnershipPrivilege
BUILTIN\Administrators

Are there any additional settings I need to adjust? I would greatly appreciate any help!

EDIT: in my first code block, please replace

with <tq_hostname> (typo, cannot edit yet).

I also tried a fresh installation of 25.10.2.1 without success.

I managed to work around the issue by converting my shares to type “Legacy Share” (from “Default Share”), as it enables the “Additional Parameters String” share setting again. Note that you have to do this in the TN shell.
There, I specified the admin users option from smb.conf to be the domain admins group. After restarting the SMB service, my goal was achieved.

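Samba's smb.conf documentation states that accounts listed in `admin users` perform all file operations on that share as root, which is why file ACLs no longer block them once the workaround above is in place. The following is an added example, not code from the original post or from TrueNAS: a small audit that lists which shares in smb.conf-style text carry that setting and for whom. The sample configuration, its paths and the `@"CONTOSO\Domain Admins"` value syntax are constructed assumptions.

```python
# Added example, not from the original post; SAMPLE_CONF is constructed.
import re

SAMPLE_CONF = r'''
[global]
    workgroup = CONTOSO

[projects]
    path = /mnt/tank/projects
    Admin Users = @"CONTOSO\Domain Admins"

[scratch]
    path = /mnt/tank/scratch
    ; admin users = nobody   (commented out, ignored)
    valid users = @"CONTOSO\Domain Users", \
                  CONTOSO\svc_backup
'''

def _norm(name):
    # Samba ignores case and all whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf-style text."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)  # only the first '=' is significant
            current[_norm(name)] = value.strip()
    return sections

def admin_user_shares(text):
    """Map share name -> 'admin users' value; [global] acts as the default."""
    conf = parse_conf(text)
    default = conf.get("global", {}).get("adminusers")
    return {s: p.get("adminusers", default) for s, p in conf.items()
            if s != "global" and p.get("adminusers", default)}

if __name__ == "__main__":
    for share, who in admin_user_shares(SAMPLE_CONF).items():
        print(f"{share}: {who} act as root on this share")
```

Run against the text of the effective configuration, every share it reports is one where membership in the listed group overrides file ownership and ACLs entirely.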