Solved

More Fun with Folder Permissions

Posted on 2004-09-29
7
182 Views
Last Modified: 2010-04-19
I've given a user rights to create a new user in the active directory w/ an e-mail account. I also had to give him full rights to the root home directory for the users so that he would have permission to create a folder for the new user and copy the common files into the folder. I've written a batch script that does all of this for him, so that all he needs to do in order to create a new user is type in the new user's first and last name. Everything else is automated.

With that said, is it possible to restrict the account that I've given those permissions to so that he can create new folders in the root home directory and copy new files into those folders from a common folder, but so that he cannot view or modify the folder afterwards?
0
Comment
Question by:Grime121
  • 4
  • 3
7 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 12183262
Hi,

You could try and give him specified permissons (deny permissions i mean). You could also try and only give him the create folder and subfolders rights and make sure not to give him the change rights..

You cannot make sure that he, after creating, cannot see the folder (it could also be tried by using the Deny List permissions, but i'm afraid he will losse more rights...)
0
 
LVL 1

Author Comment

by:Grime121
ID: 12183792
He needs to be able to change permissions on the folder as well though so that he can give the new user full control over the folder after the user and folder are created.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12183851
Hi,

You could try it, but here's my suggestion. Make sure to Deny acces to list the folder cannot be set (he cannot check if the folder was created well, and cannot change permissions), right to a folder is rights to a folder. You can try to only give him "Changing Permissions" rights and "Create Folder / Add Data"..
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Author Comment

by:Grime121
ID: 12186373
Ok, I've almost got it working how I want it. I just need to change the owner of the folder once it's created. If I leave it how it is, the person who's creating the new user folder is left as the owner, and as the owner they have full control over the folder regardless of their account's permissions on the folder. What is the command I can use in a batch script to change the owner of the folder to 'Administrator'?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12187304
Hi,

There isn't. You eed to be logged in as the admin and then take permissions for the folder.

You could try doing it with the takeowner.pl tool (only 2000 machines), here's a link on how to..

http://support.microsoft.com/default.aspx?scid=kb;en-us;q320046
0
 
LVL 1

Author Comment

by:Grime121
ID: 12194134
Ok, what if I mapped the drive w/ the admin's credintials before making the folder, and then used the mapped drive path to make the folder. Would it then use the Admin credintials to create the folder, or would it still use the user that ran the script's credintials?
0
 
LVL 23

Accepted Solution

by:
rhandels earned 500 total points
ID: 12194647
Hi,

If you map a drive using different credentials, then all that is change or created (or done for all that matter) is being done by the users you mapped the drive with, so indeed, if you create a folder on a mapped folder with tha dmin account, it will be the owner (this mapping and it's folders isn't aware of the actual user being logged in).

Bu then, if you map it like this, you would give the specified user the admin rights to this folder, and i'm not quite sure if that's an option...
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
A short film showing how OnPage and Connectwise integration works.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now