replacing administrators group with domain admins ... file permissions
what I am trying to do is find a way to replace the administrators group on all file permissions with the domain admins group. And or add the domain admins group to all files and folders dispite there allowable inherited permissions settings.
The issue is we are moving our data to a NAS that is based on a linux platform. Although it is compatible with windows permissions we have found that it does not understand built in groups such as the administrators group.
therefore what happens is if you copy files with for example an administrators having full access and a specific user having read only the administrator group is dropped because it does not understand it.
Our file permission structure is deep and it would be almost impossible to do this manualy as alot of our subfolders do not allow inherited permissions.
any help would be appreciated.
The issue is we are moving our data to a NAS that is based on a linux platform. Although it is compatible with windows permissions we have found that it does not understand built in groups such as the administrators group.
therefore what happens is if you copy files with for example an administrators having full access and a specific user having read only the administrator group is dropped because it does not understand it.
Our file permission structure is deep and it would be almost impossible to do this manualy as alot of our subfolders do not allow inherited permissions.
any help would be appreciated.
The exact syntax for reassigning all permissions to a new group (instead of ownership, as in the previous question) is as follows:
subInAcl /outputlog=C:\subACElog.tx
subInAcl /outputlog=C:\subACElog.tx
Oh, sorry: %newowner% is the name of the variable I used; you can simple insert "Domain Admins" (with quotes) instead
ASKER
sorry i am not familiar with writing scripts. How do I write and execute them? Perhaps it would be safer to add the domain admins group rather than replacing it... would there be a script for that?
thanks
thanks
If you prefer to add permissions, instead of replacing them, this is a really simple code snippet for this function: just copy it inside a text file, save the file as SOMETHING.cmd, then simply double click on it. It will ask some simple questions to you, you only have to answer and press enter.
PLEASE remember this is not 100% foolproof, so test it in a non-production environment first, AND read carefully subinacl documentation before doing anything else. A full backup is always welcome.
@echo off
setlocal
echo Write the name of the server you are using
set /p nameofserver=
echo Write the name of the folder (in \\servername), you are giving access to:
set /p cartel=
echo.
:user
echo Write the name of the user, you are giving rights to:
set /p userallowed=
echo.
:test
echo Write the permissions to allow:
echo.
echo F Full Control (default)
echo C Change
echo R Read
echo P Change Permissions
echo O Take Ownership
echo X eXecute
echo E Read Execute
echo W Write
echo D Delete
set /p right=
IF NOT '%right%'=='' SET right=%right:~0,1%
IF NOT "%right%"=='' subInAcl /outputlog=C:\subdir2.txt /subdirectories=directorie
echo.
echo Give other users some other rights? (Y-N)
set /p again=
if /i "%again%" == "Y" goto user
endlocal
pause
PLEASE remember this is not 100% foolproof, so test it in a non-production environment first, AND read carefully subinacl documentation before doing anything else. A full backup is always welcome.
@echo off
setlocal
echo Write the name of the server you are using
set /p nameofserver=
echo Write the name of the folder (in \\servername), you are giving access to:
set /p cartel=
echo.
:user
echo Write the name of the user, you are giving rights to:
set /p userallowed=
echo.
:test
echo Write the permissions to allow:
echo.
echo F Full Control (default)
echo C Change
echo R Read
echo P Change Permissions
echo O Take Ownership
echo X eXecute
echo E Read Execute
echo W Write
echo D Delete
set /p right=
IF NOT '%right%'=='' SET right=%right:~0,1%
IF NOT "%right%"=='' subInAcl /outputlog=C:\subdir2.txt /subdirectories=directorie
echo.
echo Give other users some other rights? (Y-N)
set /p again=
if /i "%again%" == "Y" goto user
endlocal
pause
ASKER
what do you mean not 100% foolproof?
It means that I have used in my network, but I know perfectly what it does and it suits my needs, but you might want to check it, as I cannot read your mind, nor do I know how is your network setup. :)
ASKER
Ok... thanks
ASKER
I guess I am not getting it... I keep getting Failed
name of server - DC001
folder name - d$\test (is this right and how do I do subfolders as well)
name of user - domain admins
permissions - F
name of server - DC001
folder name - d$\test (is this right and how do I do subfolders as well)
name of user - domain admins
permissions - F
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you need a script to do this, for example with Subinacl.
I already answered a similar question before:
https://www.experts-exchange.com/questions/21782476/Take-Ownership.html
Elbereth.