Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

replacing administrators group with domain admins ...   file permissions

Posted on 2006-11-28
10
Medium Priority
?
209 Views
Last Modified: 2010-04-13
what I am trying to do is find a way to replace the administrators group on all file permissions with the domain admins group.    And or add the domain admins group to all files and folders dispite there allowable inherited permissions settings.

The issue is we are moving our data to a NAS that is based on a linux platform.   Although it is compatible with windows permissions we have found that it does not understand built in groups such as the administrators group.

therefore what happens is if you copy files with for example an administrators having full access and a specific user having read only the administrator group is dropped because it does not understand it.

Our file permission structure is deep and it would be almost impossible to do this manualy as alot of our subfolders do not allow inherited permissions.

any help would be appreciated.
0
Comment
Question by:Zoldy2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 11

Expert Comment

by:elbereth21
ID: 18027680
Hi Zoldy2000,
you need a script to do this, for example with Subinacl.
I already answered a similar question before:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21782476.html

Elbereth.
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 18027708
The exact syntax for reassigning all permissions to a new group (instead of ownership, as in the previous question) is as follows:
subInAcl /outputlog=C:\subACElog.txt /subdirectories  "\\SERVERNAME\%FOLDERNAME%\*.*" /replace=administrators="%newowner%"
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 18027722
Oh, sorry: %newowner% is the name of the variable I used; you can simple insert "Domain Admins" (with quotes) instead
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
LVL 2

Author Comment

by:Zoldy2000
ID: 18028316
sorry i am not familiar with writing scripts.   How do I write and execute them?  Perhaps it would be safer to add the domain admins group rather than replacing it...  would there be a script for that?

thanks

0
 
LVL 11

Expert Comment

by:elbereth21
ID: 18028420
If you prefer to add permissions, instead of replacing them, this is a really simple code snippet for this function: just copy it inside a text file, save the file as SOMETHING.cmd, then simply double click on it. It will ask some simple questions to you, you only have to answer and press enter.
PLEASE remember this is not 100% foolproof, so test it in a non-production environment first, AND read carefully subinacl documentation before doing anything else. A full backup is always welcome.


@echo off
setlocal

echo Write the name of the server you are using
set /p nameofserver=

echo Write the name of the folder (in \\servername), you are giving access to:
set /p cartel=
echo.

:user
echo Write the name of the user, you are giving rights to:
set /p userallowed=
echo.

:test
echo Write the permissions to allow:

echo.
echo F Full Control (default)
echo C Change
echo R Read
echo P Change Permissions
echo O Take Ownership
echo X eXecute
echo E Read Execute
echo W Write
echo D Delete

set /p right=

IF NOT '%right%'=='' SET right=%right:~0,1%

IF NOT "%right%"=='' subInAcl /outputlog=C:\subdir2.txt /subdirectories=directoriesonly  "\\%nameofserver%\%cartel%\*.*" /grant="%userallowed%"=%right% ELSE goto test
echo.
echo Give other users some other rights? (Y-N)
set /p again=
if  /i "%again%" == "Y" goto user
endlocal
pause
0
 
LVL 2

Author Comment

by:Zoldy2000
ID: 18028453
what do you mean not 100% foolproof?
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 18028472
It means that I have used in my network, but I know perfectly what it does and it suits my needs, but you might want to check it, as I cannot read your mind, nor do I know how is your network setup. :)
0
 
LVL 2

Author Comment

by:Zoldy2000
ID: 18028825
Ok...  thanks
0
 
LVL 2

Author Comment

by:Zoldy2000
ID: 18029164
I guess I am not getting it...  I keep getting Failed
name of server  - DC001
folder name -   d$\test   (is this right and how do I do subfolders as well)
name of user - domain admins
permissions - F
0
 
LVL 11

Accepted Solution

by:
elbereth21 earned 2000 total points
ID: 18029409
I tested and it works, anyway:
1) check that you have administrator's permission on the folder (because you are using administrative shares with $)
2) change the script this way:
instead of /subdirectories=directoriesonly  
use /subdirectories
This way, you'll change permissions for all objects in the path you specify.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question