Solved

NTFS permissions - Block user to clear the Allow inheritable permissions from parent to propagate to this object

Posted on 2008-06-10
9
767 Views
Last Modified: 2013-12-04
I'm assigning NFTS permissions to many folders. The problem I have is that many users are clearing the "'Allow inheritable permissions from parent to propagate to this object" check box, and even blocking administrators to enter this folders.
I want to know is there any way to disable that options, so users can only gave the permission the administrator gives to them. Thanxs.
0
Comment
Question by:juanc_ore
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:Mikkk
ID: 21755802
In order to block Users to change permissions, deny or uncheck the "Full Control" option in Security tab of this user, and make Full Control to Administrator Only.
Users will not be able to change permissions nor inheritance.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21755810
What permissions do you have setup for the users? If you give the users Full Control then they can remove the setting. Also, if the Everyone group has full control then the users have full control.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21755820
Quite correct - remove the Full Control option (of course your users must not be admins or they can put it back)

Note however that by default if the user creates a folder then as the owner/creator they get full control over that folder and there isn't much you can do about this (other than to take ownership away from them, which would be tedious)
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:juanc_ore
ID: 21760074
I have only assign the Modify permission to the users. In that parent folder the users can't change permissions. But, like KCTS said, if the user create a child folder, in that folder he can clear the "'Allow inheritable permissions from parent to propagate to this object" check box. With that option cleared, the user gets full control over that folder. I wan't to block users to being able to do this.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21760134
You can't - sorry - thats the way it works.
If a user is allowed to create a folder, then its reasonable that they can  control it.
All I can suggest is that you use xcacls command periodially to add the administrator
eg:

xcacls d:\*.* /G administrator:F /E

would grant administrator full control of all files on D:
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21760157
There is a Group Policy that will remove the security tab off.
0
 

Author Comment

by:juanc_ore
ID: 21760199
Do you know which GPO can help me?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 300 total points
ID: 21760332
0
 

Author Closing Comment

by:juanc_ore
ID: 31465966
Thank you very much. That really help!
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Learn about cloud computing and its benefits for small business owners.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question