Solved

New users Permissions

Posted on 2011-02-25
Last Modified: 2013-12-27
I want two users, who are part of a security group "level 0", to get automatic permissions to all files/folders/sub-folders of all users that are created in the SBS console or AD.

More importantly, I want it so that whenever a new user is created, besides his own access, this security group "level 0" also gets access to the new user's folder automatically.

Is there a setting to automate this? I don't want to have to do this for every user.
Question by:m2chaudh
9 Comments
 
LVL 13

Expert Comment

by:connectex
ID: 34982043
Which version of SBS are you using?
0
 

Author Comment

by:m2chaudh
ID: 34982294
We recently migrated from SBS2003 to SBS2011
0
 
LVL 13

Expert Comment

by:connectex
ID: 34982363
In SBS 2003 there was a group called Folder Operators, and adding someone to it did this exact request. But they dropped it and it's not really possible anymore, as the SBS wizards will not add the proper rights by default. So you'll have to do it manually, from what I found.
0
 

Author Comment

by:m2chaudh
ID: 34983752
Isn't there another way for this to be done on SBS 2011?
0
 
LVL 13

Expert Comment

by:connectex
ID: 34984805
The problem is the SBS new user wizard won't grant the rights, so you'll always be going in behind it to fix them as you desire.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 750 total points
ID: 34985047
Hi,

Do you want this on files/folders, or, when you create a new user, do you want a group/user to have permission on it in its Security tab?

Permissions on files/folders are through inheritance. For example, all children and sub-children which are inheriting permissions will get the same permissions which their parent folder has.

What I understand from your question is that whenever you create a new user, they will have those special users and their permissions on them. Correct? This can be done: create a group and make it a member of AdminSDHolder with the desired permission... But be very careful.

Read this article first. It talks of something opposite to what you are trying to achieve, but it can be used to accomplish what you are trying to do.
http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

And whatever files and folders the user creates, they get that permission. Is this correct? This may not be controlled from AD, as I mentioned before.
0
 

Author Comment

by:m2chaudh
ID: 35089485
That article is too confusing, there has to be something simpler to do this relatively simple task?
0
 
LVL 13

Assisted Solution

by:connectex
connectex earned 750 total points
ID: 35339356
I recently had a client management request access to all user folders. While my solution is not perfect, it does work. So here's what I did. I created a batch file to change the permissions on all subfolders using SetACL.exe. I'm running it on the server via the Task Scheduler every day. It updates all users' folders by adding the SBS Folder Operators group with change permissions. Be sure to change line 3 to your user folder path, line 4 for the path to setacl.exe, and line 6 change "sbs folder operators" to your desired group. Also you can change "change" to "full" if desired.

@echo off
setlocal
set folder=d:\users\shares
set setacl="\\omnisrv1\netadmin$\utils\setacl.exe"
if not exist %setacl% goto need_setacl
for /d %%a in ("%folder%\*.*") do %setacl% -on "%%a" -ot file -actn ace -ace "n:sbs folder operators;p:change"
endlocal
goto :EOF
:need_setacl
echo.
echo ERROR - SetACL.exe is not available
endlocal



SetACL download: http://sourceforge.net/projects/setacl/files/
SetACL documentation: http://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/
0
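
An added example, not part of the original post or of SetACL: a PowerShell check that reports, for each user folder, whether the group's ACE is missing, inherited from the parent (the inheritance behaviour described in the accepted answer) or set explicitly, and adds it only when run with -Fix. The path and group name are taken from the batch file above as placeholders, and Modify is assumed to be the equivalent of SetACL's "change".

```powershell
# Added example: audit (and optionally fix) the group ACE on each user folder.
# $Root and $Group are placeholders copied from the batch file above; adjust both.
param(
    [string]$Root  = 'D:\users\shares',
    [string]$Group = 'SBS Folder Operators',
    [switch]$Fix                      # without -Fix the script only reports
)

$rights  = [System.Security.AccessControl.FileSystemRights]::Modify   # assumed match for "change"
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$sidType = [System.Security.Principal.SecurityIdentifier]

# Resolve the group once so a mistyped name fails here, not once per folder.
$sid = (New-Object System.Security.Principal.NTAccount($Group)).Translate($sidType)

Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $path = $_.FullName
    $acl  = Get-Acl -Path $path

    # Fetch explicit and inherited rules as SIDs so name formatting cannot hide a match.
    $rules = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq $allow -and
        ($_.FileSystemRights -band $rights) -eq $rights
    })

    if ($rules.Count -eq 0) { $state = 'Missing' }
    elseif (@($rules | Where-Object { -not $_.IsInherited }).Count -gt 0) { $state = 'Explicit' }
    else { $state = 'Inherited' }

    if ($state -eq 'Missing' -and $Fix) {
        # Inheritable ACE so files and subfolders below the user folder pick it up.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $sid, $rights, $inherit, $prop, $allow)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
        $state = 'Added'
    }

    New-Object PSObject -Property @{ Folder = $path; Group = $Group; State = $state }
}
```

Run it without -Fix first and review the rows marked Missing; folders reported as Inherited already receive the ACE from the parent and need no per-folder change.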
 

Author Closing Comment

by:m2chaudh
ID: 35728592
This hasn't worked, but the closest answer was what I received from you guys. My client hasn't brought this up as an "issue" so I have to put it at rest for now. I'll probably use a 3rd party program if he insists on using this feature.
0
