Solved

More Fun with Folder Permissions

Posted on 2004-09-29
7
188 Views
Last Modified: 2010-04-19
I've given a user rights to create a new user in the active directory w/ an e-mail account. I also had to give him full rights to the root home directory for the users so that he would have permission to create a folder for the new user and copy the common files into the folder. I've written a batch script that does all of this for him, so that all he needs to do in order to create a new user is type in the new user's first and last name. Everything else is automated.

With that said, is it possible to restrict the account that I've given those permissions to so that he can create new folders in the root home directory and copy new files into those folders from a common folder, but so that he cannot view or modify the folder afterwards?
0
Comment
Question by:Grime121
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 12183262
Hi,

You could try and give him specified permissons (deny permissions i mean). You could also try and only give him the create folder and subfolders rights and make sure not to give him the change rights..

You cannot make sure that he, after creating, cannot see the folder (it could also be tried by using the Deny List permissions, but i'm afraid he will losse more rights...)
0
 
LVL 1

Author Comment

by:Grime121
ID: 12183792
He needs to be able to change permissions on the folder as well though so that he can give the new user full control over the folder after the user and folder are created.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12183851
Hi,

You could try it, but here's my suggestion. Make sure to Deny acces to list the folder cannot be set (he cannot check if the folder was created well, and cannot change permissions), right to a folder is rights to a folder. You can try to only give him "Changing Permissions" rights and "Create Folder / Add Data"..
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 1

Author Comment

by:Grime121
ID: 12186373
Ok, I've almost got it working how I want it. I just need to change the owner of the folder once it's created. If I leave it how it is, the person who's creating the new user folder is left as the owner, and as the owner they have full control over the folder regardless of their account's permissions on the folder. What is the command I can use in a batch script to change the owner of the folder to 'Administrator'?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12187304
Hi,

There isn't. You eed to be logged in as the admin and then take permissions for the folder.

You could try doing it with the takeowner.pl tool (only 2000 machines), here's a link on how to..

http://support.microsoft.com/default.aspx?scid=kb;en-us;q320046
0
 
LVL 1

Author Comment

by:Grime121
ID: 12194134
Ok, what if I mapped the drive w/ the admin's credintials before making the folder, and then used the mapped drive path to make the folder. Would it then use the Admin credintials to create the folder, or would it still use the user that ran the script's credintials?
0
 
LVL 23

Accepted Solution

by:
rhandels earned 500 total points
ID: 12194647
Hi,

If you map a drive using different credentials, then all that is change or created (or done for all that matter) is being done by the users you mapped the drive with, so indeed, if you create a folder on a mapped folder with tha dmin account, it will be the owner (this mapping and it's folders isn't aware of the actual user being logged in).

Bu then, if you map it like this, you would give the specified user the admin rights to this folder, and i'm not quite sure if that's an option...
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question