[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Append New Permissions To Subfolders (inherited or not)

Posted on 2010-01-07
Medium Priority
Last Modified: 2012-05-08
Greetings, Experts.  I am in need of some advise on how to proceed with a unique solution related to permissions on server folders on our Windows Server 2003 file server.  

PRESENTLY:  We have a server folder called "Company Resources" with 10's of sub-folders covering unique topics for our company.  While some of these sub-folders are inheriting permissions from the parent Company Resources folder, some are not.  I've got quite the nest of folders here.  LOL!

GOAL:  I am seeking a solution whereby I can "overlay" (add) a new security group with Full permissions on *all* sub-folders inherited or not.  I'm not referring to a "replace" of permissions here.  The existing permissions on all sub-folders (inherited or not) would remain unchanged, except for the addition of this new security group with Full permissions.

Please forgive me if this is not 100% clearly stated.  If it does make sense, is there a way to make this happen, exactly the way that I stated above?

Thank you , Experts!
Question by:todjklki
LVL 16

Accepted Solution

btassure earned 2000 total points
ID: 26204387
I would use something like cacls

That will let you add a new permission to existing sets. You will need to set it to parse all subfolders and files though.

Expert Comment

ID: 26205857
I would like to say that you can use Windows Security Settings to acheive this. You can go to the sub folders and exclusively add full permissions to the security group that you will create. We call it an explicite allow permission.
Explicit allow ACE: An ACE applied directly to the resource that grants access. An explicit allow will always override an inherited deny but will always be overridden by explicit deny ACEs.

Refer: http://msdn.microsoft.com/en-us/library/cc246052(PROT.10).aspx

Hope you have got your answer.


Author Closing Comment

ID: 31674249
Thanks very much.  :)

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question