Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

NTFS permissions - Block user to clear the Allow inheritable permissions from parent to propagate to this object

Posted on 2008-06-10
9
Medium Priority
?
776 Views
Last Modified: 2013-12-04
I'm assigning NFTS permissions to many folders. The problem I have is that many users are clearing the "'Allow inheritable permissions from parent to propagate to this object" check box, and even blocking administrators to enter this folders.
I want to know is there any way to disable that options, so users can only gave the permission the administrator gives to them. Thanxs.
0
Comment
Question by:juanc_ore
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:Mikkk
ID: 21755802
In order to block Users to change permissions, deny or uncheck the "Full Control" option in Security tab of this user, and make Full Control to Administrator Only.
Users will not be able to change permissions nor inheritance.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21755810
What permissions do you have setup for the users? If you give the users Full Control then they can remove the setting. Also, if the Everyone group has full control then the users have full control.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21755820
Quite correct - remove the Full Control option (of course your users must not be admins or they can put it back)

Note however that by default if the user creates a folder then as the owner/creator they get full control over that folder and there isn't much you can do about this (other than to take ownership away from them, which would be tedious)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:juanc_ore
ID: 21760074
I have only assign the Modify permission to the users. In that parent folder the users can't change permissions. But, like KCTS said, if the user create a child folder, in that folder he can clear the "'Allow inheritable permissions from parent to propagate to this object" check box. With that option cleared, the user gets full control over that folder. I wan't to block users to being able to do this.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21760134
You can't - sorry - thats the way it works.
If a user is allowed to create a folder, then its reasonable that they can  control it.
All I can suggest is that you use xcacls command periodially to add the administrator
eg:

xcacls d:\*.* /G administrator:F /E

would grant administrator full control of all files on D:
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21760157
There is a Group Policy that will remove the security tab off.
0
 

Author Comment

by:juanc_ore
ID: 21760199
Do you know which GPO can help me?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 1200 total points
ID: 21760332
0
 

Author Closing Comment

by:juanc_ore
ID: 31465966
Thank you very much. That really help!
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Integration Management Part 2
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question