Solved

New users Permissions

Posted on 2011-02-25
9
344 Views
Last Modified: 2013-12-27
I want two users, who are part of a security group "level 0" get automatic permissions to all files/folders/sub-folders of all users that are created in SBS console or AD.

More importantly, I want so that, whenever a new user is created, besides his own access, this security group "level 0" also gets access to new users folder automatically.

Is there a settign to automate this? I dont want to have to do this for every user.
0
Comment
Question by:m2chaudh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 13

Expert Comment

by:connectex
ID: 34982043
Which version of SBS are you using?
0
 

Author Comment

by:m2chaudh
ID: 34982294
We recently migrated from SBS2003 to SBS2011
0
 
LVL 13

Expert Comment

by:connectex
ID: 34982363
In SBS 2003 there was a group called Folder Operators. And adding someone too it did this exact request. But they dropped it and it's not really possible anymore as the SBS wizards will not add the proper rights by default. So you'll have to do it manually from what found.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:m2chaudh
ID: 34983752
Isnt there another way for this to be done on sbs2011?
0
 
LVL 13

Expert Comment

by:connectex
ID: 34984805
The problem is the SBS new user wizard won't grant the rights so you'll always be going to behind it to fix them as you desire.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 250 total points
ID: 34985047
Hi,

Do you want this on Files / Folders or when you create a new user and in it's security tab you want a group/user to have permission on them

permission on Files / Folders are thru inheritance. For example all childs and subchilds which are inheriting permissions will get the same permission which their parent folder has.

What i understand from your question is that whenever you create new user, they will have those special users and there permissions on them --- correct -- -This can be ----Create a group and make it a member of AdminSDHolder with desired permission.... But be very careful

Read this article first, this talks of something opposite what you are trying to achieve but it can be used to accomplish what you are trying to do.
http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

and whatever files and folder user create they get that permission --- is this correct --- this may  not be controlled from AD -- as i mentioned before
0
 

Author Comment

by:m2chaudh
ID: 35089485
That article is too confusing, there has to be something simpler to do this relatively simple task?
0
 
LVL 13

Assisted Solution

by:connectex
connectex earned 250 total points
ID: 35339356
I recently had a client management request access to all user folders. While my solution is not perfect, it does work. So here's what I did. I created a batch file to change the permissions on all subfolders using SetACL.exe. I'm running it on the server via the task schedular every day. It updates all users folders by adding the SBS Folder Operators group with change permissions. Be sure to change line 3 to your user folder path, line 4 for the path to setacl.exe, and line 6 change "sbs folder operators" to your desired group. Also you can "change" to "full" is desired.

@echo off
setlocal
set folder=d:\users\shares
set setacl="\\omnisrv1\netadmin$\utils\setacl.exe"
if not exist %setacl% goto need_setacl
for /d %%a in ("%folder%\*.*") do %setacl% -on "%%a" -ot file -actn ace -ace "n:sbs folder operators;p:change"
endlocal
goto :EOF
:need_setacl
echo.
echo ERROR - SetACL.exe is not available
endlocal

Open in new window


SetACL download: http://sourceforge.net/projects/setacl/files/
SetACL documention: http://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/:
0
 

Author Closing Comment

by:m2chaudh
ID: 35728592
This hasnt worked, but the closest answer was what I received from you guys. My client hasnt brought this up as an "issue" so I have to put it at rest for now. I'll probably use a 3rd party program if he insists on using this feature.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question