Assign NTFS permissions to group of computers

Posted on 2010-09-14
Medium Priority
Last Modified: 2012-05-10
In a 2008 domain I created a task that runs on all computers in the domain under the system account.
The tasks tries to copy a file from a network share. I only want a specified group of computers be able to access the file. I created an AD group, added the computers to the group and gave the group appropiate permissions to the file.
However, my task is not able to copy the file (access denied).

When i add the AD group "Domain computers" to the ACL of the file, or I add an single computer account directly everything works fine....
Question by:SjoerdvW
  • 3
  • 2
LVL 17

Expert Comment

by:Tony Massa
ID: 33677292
What are the SHARE permissions set to?

LVL 57

Accepted Solution

Mike Kline earned 1000 total points
ID: 33677316
Did you reboot the computer after you added them to the group, that way the group membership is added to their token ThanksMike
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 33677331
...and in 2008 you can use a nice trick Darren posted without the reboot   http://sdmsoftware.com/blog/2008/08/22/picking-up-computer-group-membership-changes-without-a-reboot/...but reboot should always work.


Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 33677339
SHARE permissions: everyone FC (witch is enough cause it works when I add the computer directly to the file)

Author Closing Comment

ID: 33677443
Thnx Mike, you're a live saver... Was working several hours on this without rebooting the machine!!!
LVL 57

Expert Comment

by:Mike Kline
ID: 33677529
excellent glad to help, by the way this same principle applies if you add a user to a group.


Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question