Solved

What is the best way to reset NTFS Permissions on a directory tree?

Posted on 2008-06-23
7
680 Views
Last Modified: 2012-06-21
Hi
I am having trouble with a directory which should be  accessed by a group of users.
On some of the subdirectories only the owner who copied the documents or made the new directories have access permission.  On other directories the administrator cannot even see the permissions on the directories.  When I try to apply changes to all the subdirectories from the parent I get "access denied" messages.
Could someone walk me through the steps to give "Group A"  read permissions, the owner change permissions  and the administrator permission to view and change security setting and browse folder?

Thanks for your help



0
Comment
Question by:tonitone2
  • 4
  • 3
7 Comments
 
LVL 15

Expert Comment

by:fishadr
ID: 21845219
The XCacls.exe from Microsoft is pretty good at applying security to folders and files:
http://support.microsoft.com/kb/318754

The following has the examples of different scenario's:
http://technet2.microsoft.com/windowsserver/en/library/2c292829-afb0-4ac0-82e6-aa0f5273f1151033.mspx?mfr=true

You are likely to have to take ownership of all the files and folders yourself then you can apply the changes.
e.g.
xcacls.exe c:\data\Problem_folder /g administrators:o

Then you can apply the permissions that you require
0
 

Author Comment

by:tonitone2
ID: 21845823
Can I use Xcacls.vbs?     and what flags do I use to replace permissions on all files and folders?
/S /T  ?    
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21845926
You can use xcacls.vbs, it has a few more feature but on a server with quite a few files on it is very slow (due to it being a VBScript), the XCACLS.EXE is much faster.

To do all subfolders use the /S /T option
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:tonitone2
ID: 21846170
The xcacls.exe download at microsoft.com delivers an installer for xcacls.vbs
The commmand line  xcacls.vbs c:\data\Problem_folder /g administrators:o delivers an error message.
"Perm entered with /G not valid"
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21846318
With the VBS version just run

xcacls.vbs c:\data\Problem_folder /o "Domain\administrators"

replace Domain\ with the relevant domain name
0
 

Author Comment

by:tonitone2
ID: 21903896
Ok,  that's a start.
but   xcacls.vbs c:\data\Problem_folder /o "Domain\administrators"  will not give ownership to the tree including all files and folder but just the top folder, if I' not mistaken.  If I have to go through and change everthing individually that will take forever.
0
 
LVL 15

Accepted Solution

by:
fishadr earned 250 total points
ID: 21905711
If you add the /S (subdirectories) and /T (traverse diretories) this should apply ownership to all subdirectories.

http://support.microsoft.com/kb/825751
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question