Solved

More Fun with Folder Permissions

Posted on 2004-09-29
7
189 Views
Last Modified: 2010-04-19
I've given a user rights to create a new user in the active directory w/ an e-mail account. I also had to give him full rights to the root home directory for the users so that he would have permission to create a folder for the new user and copy the common files into the folder. I've written a batch script that does all of this for him, so that all he needs to do in order to create a new user is type in the new user's first and last name. Everything else is automated.

With that said, is it possible to restrict the account that I've given those permissions to so that he can create new folders in the root home directory and copy new files into those folders from a common folder, but so that he cannot view or modify the folder afterwards?
0
Comment
Question by:Grime121
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 12183262
Hi,

You could try and give him specified permissons (deny permissions i mean). You could also try and only give him the create folder and subfolders rights and make sure not to give him the change rights..

You cannot make sure that he, after creating, cannot see the folder (it could also be tried by using the Deny List permissions, but i'm afraid he will losse more rights...)
0
 
LVL 1

Author Comment

by:Grime121
ID: 12183792
He needs to be able to change permissions on the folder as well though so that he can give the new user full control over the folder after the user and folder are created.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12183851
Hi,

You could try it, but here's my suggestion. Make sure to Deny acces to list the folder cannot be set (he cannot check if the folder was created well, and cannot change permissions), right to a folder is rights to a folder. You can try to only give him "Changing Permissions" rights and "Create Folder / Add Data"..
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 1

Author Comment

by:Grime121
ID: 12186373
Ok, I've almost got it working how I want it. I just need to change the owner of the folder once it's created. If I leave it how it is, the person who's creating the new user folder is left as the owner, and as the owner they have full control over the folder regardless of their account's permissions on the folder. What is the command I can use in a batch script to change the owner of the folder to 'Administrator'?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12187304
Hi,

There isn't. You eed to be logged in as the admin and then take permissions for the folder.

You could try doing it with the takeowner.pl tool (only 2000 machines), here's a link on how to..

http://support.microsoft.com/default.aspx?scid=kb;en-us;q320046
0
 
LVL 1

Author Comment

by:Grime121
ID: 12194134
Ok, what if I mapped the drive w/ the admin's credintials before making the folder, and then used the mapped drive path to make the folder. Would it then use the Admin credintials to create the folder, or would it still use the user that ran the script's credintials?
0
 
LVL 23

Accepted Solution

by:
rhandels earned 500 total points
ID: 12194647
Hi,

If you map a drive using different credentials, then all that is change or created (or done for all that matter) is being done by the users you mapped the drive with, so indeed, if you create a folder on a mapped folder with tha dmin account, it will be the owner (this mapping and it's folders isn't aware of the actual user being logged in).

Bu then, if you map it like this, you would give the specified user the admin rights to this folder, and i'm not quite sure if that's an option...
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question