Solved

NTFS permissions - Block user to clear the Allow inheritable permissions from parent to propagate to this object

Posted on 2008-06-10
9
765 Views
Last Modified: 2013-12-04
I'm assigning NFTS permissions to many folders. The problem I have is that many users are clearing the "'Allow inheritable permissions from parent to propagate to this object" check box, and even blocking administrators to enter this folders.
I want to know is there any way to disable that options, so users can only gave the permission the administrator gives to them. Thanxs.
0
Comment
Question by:juanc_ore
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:Mikkk
ID: 21755802
In order to block Users to change permissions, deny or uncheck the "Full Control" option in Security tab of this user, and make Full Control to Administrator Only.
Users will not be able to change permissions nor inheritance.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21755810
What permissions do you have setup for the users? If you give the users Full Control then they can remove the setting. Also, if the Everyone group has full control then the users have full control.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21755820
Quite correct - remove the Full Control option (of course your users must not be admins or they can put it back)

Note however that by default if the user creates a folder then as the owner/creator they get full control over that folder and there isn't much you can do about this (other than to take ownership away from them, which would be tedious)
0
 

Author Comment

by:juanc_ore
ID: 21760074
I have only assign the Modify permission to the users. In that parent folder the users can't change permissions. But, like KCTS said, if the user create a child folder, in that folder he can clear the "'Allow inheritable permissions from parent to propagate to this object" check box. With that option cleared, the user gets full control over that folder. I wan't to block users to being able to do this.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 70

Expert Comment

by:KCTS
ID: 21760134
You can't - sorry - thats the way it works.
If a user is allowed to create a folder, then its reasonable that they can  control it.
All I can suggest is that you use xcacls command periodially to add the administrator
eg:

xcacls d:\*.* /G administrator:F /E

would grant administrator full control of all files on D:
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21760157
There is a Group Policy that will remove the security tab off.
0
 

Author Comment

by:juanc_ore
ID: 21760199
Do you know which GPO can help me?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 300 total points
ID: 21760332
0
 

Author Closing Comment

by:juanc_ore
ID: 31465966
Thank you very much. That really help!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now