Solved

NTFS permissions - Block user to clear the Allow inheritable permissions from parent to propagate to this object

Posted on 2008-06-10
9
768 Views
Last Modified: 2013-12-04
I'm assigning NFTS permissions to many folders. The problem I have is that many users are clearing the "'Allow inheritable permissions from parent to propagate to this object" check box, and even blocking administrators to enter this folders.
I want to know is there any way to disable that options, so users can only gave the permission the administrator gives to them. Thanxs.
0
Comment
Question by:juanc_ore
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:Mikkk
ID: 21755802
In order to block Users to change permissions, deny or uncheck the "Full Control" option in Security tab of this user, and make Full Control to Administrator Only.
Users will not be able to change permissions nor inheritance.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21755810
What permissions do you have setup for the users? If you give the users Full Control then they can remove the setting. Also, if the Everyone group has full control then the users have full control.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21755820
Quite correct - remove the Full Control option (of course your users must not be admins or they can put it back)

Note however that by default if the user creates a folder then as the owner/creator they get full control over that folder and there isn't much you can do about this (other than to take ownership away from them, which would be tedious)
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:juanc_ore
ID: 21760074
I have only assign the Modify permission to the users. In that parent folder the users can't change permissions. But, like KCTS said, if the user create a child folder, in that folder he can clear the "'Allow inheritable permissions from parent to propagate to this object" check box. With that option cleared, the user gets full control over that folder. I wan't to block users to being able to do this.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21760134
You can't - sorry - thats the way it works.
If a user is allowed to create a folder, then its reasonable that they can  control it.
All I can suggest is that you use xcacls command periodially to add the administrator
eg:

xcacls d:\*.* /G administrator:F /E

would grant administrator full control of all files on D:
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21760157
There is a Group Policy that will remove the security tab off.
0
 

Author Comment

by:juanc_ore
ID: 21760199
Do you know which GPO can help me?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 300 total points
ID: 21760332
0
 

Author Closing Comment

by:juanc_ore
ID: 31465966
Thank you very much. That really help!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question