NTFS permissions - Block user to clear the Allow inheritable permissions from parent to propagate to this object

I'm assigning NFTS permissions to many folders. The problem I have is that many users are clearing the "'Allow inheritable permissions from parent to propagate to this object" check box, and even blocking administrators to enter this folders.
I want to know is there any way to disable that options, so users can only gave the permission the administrator gives to them. Thanxs.
juanc_oreAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MikkkCommented:
In order to block Users to change permissions, deny or uncheck the "Full Control" option in Security tab of this user, and make Full Control to Administrator Only.
Users will not be able to change permissions nor inheritance.
0
Darius GhassemCommented:
What permissions do you have setup for the users? If you give the users Full Control then they can remove the setting. Also, if the Everyone group has full control then the users have full control.
0
Brian PiercePhotographerCommented:
Quite correct - remove the Full Control option (of course your users must not be admins or they can put it back)

Note however that by default if the user creates a folder then as the owner/creator they get full control over that folder and there isn't much you can do about this (other than to take ownership away from them, which would be tedious)
0
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

juanc_oreAuthor Commented:
I have only assign the Modify permission to the users. In that parent folder the users can't change permissions. But, like KCTS said, if the user create a child folder, in that folder he can clear the "'Allow inheritable permissions from parent to propagate to this object" check box. With that option cleared, the user gets full control over that folder. I wan't to block users to being able to do this.
0
Brian PiercePhotographerCommented:
You can't - sorry - thats the way it works.
If a user is allowed to create a folder, then its reasonable that they can  control it.
All I can suggest is that you use xcacls command periodially to add the administrator
eg:

xcacls d:\*.* /G administrator:F /E

would grant administrator full control of all files on D:
0
Darius GhassemCommented:
There is a Group Policy that will remove the security tab off.
0
juanc_oreAuthor Commented:
Do you know which GPO can help me?
0
Darius GhassemCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
juanc_oreAuthor Commented:
Thank you very much. That really help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.