On my network share, how can I prevent users from creating folders that exclude Administrator permissions?

Posted on 2008-11-17
Last Modified: 2013-11-25
I am using Robocopy to back up our network share's files and folders.  The files and folders all have a complex and carefully laid out set of ACLs/permissions that I need to preserve.

However, Robocopy came across whole directories of files that it couldn't copy, because of "Error 5: Access is denied."  When I examined them closer, I found that they were files contained in folders that users had created themselves, and therefore did not have any domain administrator permissions or ownership.

Is there any way that I can allow users to create folders with fine-tuned permissions, but still enforce/propagate Administrator ownership or privileges for all files and folders on the network share?
Question by: KTN-IT
    LVL 13

    Expert Comment

    Have you checked that the administrator permissions on the primary folder include inheritance to all subfolders? (It is a tick box which allows the permissions to be propagated to all sub-folders.)
    LVL 5

    Author Comment

    Is this what you mean?  (See picture)

    The problem is, at many points down in the folder hierarchy, permission inheritance has been discontinued, and different permissions propagate from that point.

    This is fine, but I wonder if there's some way (like with a PowerShell script or something) that I could recurse through all the files and folders and just add the administrator in (at least with read access so I can back up with Robocopy), without altering any of the other custom permissions that are established.
    LVL 31

    Accepted Solution

    Try the following command
    C:\>cacls C:\PathToFolder /C /E /T /G administrators:F
    LVL 5

    Author Comment

    That's what I was looking for.

    The PowerShell command is Set-Acl, but it doesn't seem quite as simple and straightforward as cacls, because it doesn't have any switch to automatically process all subfolders and files.

    Good resource:
    LVL 5

    Author Closing Comment


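The recursion that Set-Acl lacks, as noted in the thread, can be supplied by Get-ChildItem. The following is an added example, not code posted by anyone in the thread: the function name Add-AdminReadAce and the share path in the usage comment are hypothetical. It adds a read-only allow entry for BUILTIN\Administrators without removing existing entries, and returns every path it could not read or change.

```powershell
# Added example (not from the thread). Run from an elevated session.
# Usage (hypothetical path):  Add-AdminReadAce -Root 'D:\Share' -WhatIf
function Add-AdminReadAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Root)

    # Well-known SID of BUILTIN\Administrators; independent of localized names.
    $admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $rights = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    # Collect enumeration failures instead of losing them: folders that
    # exclude administrators are exactly the ones that cannot be listed.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force `
                   -ErrorAction SilentlyContinue -ErrorVariable enumErrors)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            # Explicit and inherited rules, with identities expressed as SIDs.
            $sidRules = $acl.GetAccessRules($true, $true,
                [System.Security.Principal.SecurityIdentifier])
            $covered = $sidRules | Where-Object {
                $_.IdentityReference -eq $admins -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $rights) -eq $rights
            }
            if ($covered) { continue }   # already readable; leave the ACL alone

            # Folders pass the entry on to children that still inherit.
            $inherit = if ($item.PSIsContainer) { 'ContainerInherit,ObjectInherit' } else { 'None' }
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $admins, $rights, $inherit, 'None', 'Allow')
            $acl.AddAccessRule($rule)    # merges; existing entries are kept
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Add Administrators read ACE')) {
                Set-Acl -LiteralPath $item.FullName -AclObject $acl -ErrorAction Stop
            }
        } catch {
            [pscustomobject]@{ Path = $item.FullName; Error = $_.Exception.Message }
        }
    }
    foreach ($e in $enumErrors) {
        [pscustomobject]@{ Path = $e.TargetObject; Error = $e.Exception.Message }
    }
}
```

Run it with -WhatIf first to see which objects would change. Paths returned with an access-denied error are ones where the ACL itself cannot be read or written with the current rights.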