On my network share, how can I prevent users from creating folders that exclude Administrator permissions?

I am using Robocopy to backup our network share's files and folders.  The files and folders all have a complex and carefully laid out set of ACLs/permissions that I need to preserve.

However, Robocopy came across whole directories of files that it couldn't copy, because of "Error 5: Access is denied."  When I examined them closer, I found that they were files contained in folders that users had created themselves, and therefore did not have any domain administrator permissions or ownership.

Is there any way that I can allow users to create folders with fine tuned permissions, but still enforce/propagate Administrator ownership or privileges for all files and folders on the network share?
LVL 5
KTN-ITAsked:
Who is Participating?
 
Henrik JohanssonConnect With a Mentor Systems engineerCommented:
Try the following command
C:\>cacls C:\PathToFolder /C /E /T /G administrators:F
0
 
RobinHumanCommented:
Have you checked that the administrator permissions on the primary folder include inheritance to all subfolders? (it is a tick box which allows the permissions to be propogated to all sub-folders)
0
 
KTN-ITAuthor Commented:
Is this what you mean?  (See picture)

The problem is, at many points down in the folder hierarchy, permission inheritance has been discontinued, and different permissions propagate from that point.

This is fine, but I wonder if there's some way (like with a powershell script or something) that I could recurse through all the files and folders and just add the administrator in (at least with read access so I can backup with Robocopy), without altering any of the other custom permissions that are established.
Clipboard01.gif
0
 
KTN-ITAuthor Commented:
That's what I was looking for.

The Powershell command is Set-Acl, but it doesn't seem quite as simple and straightforward as cacls, because it doesn't have any switch to automatically process all subfolders and files.

Good resource:
http://www.ss64.com/nt/cacls.html
0
 
KTN-ITAuthor Commented:
Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.