Solved

New users Permissions

Posted on 2011-02-25
Last Modified: 2013-12-27
I want two users, who are part of a security group "level 0", to get automatic permissions to all files/folders/sub-folders of all users that are created in the SBS console or AD.

More importantly, I want it so that, whenever a new user is created, besides his own access, this security group "level 0" also gets access to the new user's folder automatically.

Is there a setting to automate this? I don't want to have to do this for every user.
Question by:m2chaudh
 
LVL 13

Expert Comment

by:connectex
ID: 34982043
Which version of SBS are you using?
0
 

Author Comment

by:m2chaudh
ID: 34982294
We recently migrated from SBS2003 to SBS2011
0
 
LVL 13

Expert Comment

by:connectex
ID: 34982363
In SBS 2003 there was a group called Folder Operators, and adding someone to it did this exact request. But they dropped it, and it's not really possible anymore as the SBS wizards will not add the proper rights by default. So you'll have to do it manually, from what I found.
0
 

Author Comment

by:m2chaudh
ID: 34983752
Isn't there another way for this to be done on SBS2011?
0
 
LVL 13

Expert Comment

by:connectex
ID: 34984805
The problem is the SBS new user wizard won't grant the rights, so you'll always be going behind it to fix them as you desire.
0
 
LVL 12

Accepted Solution

by:
Navdeep earned 250 total points
ID: 34985047
Hi,

Do you want this on files/folders, or, when you create a new user, do you want a group/user to have permission on them in its security tab?

Permissions on files/folders are through inheritance. For example, all children and sub-children which are inheriting permissions will get the same permissions which their parent folder has.

What I understand from your question is that whenever you create a new user, they will have those special users and their permissions on them. Correct? This can be done: create a group and make it a member of AdminSDHolder with the desired permission. But be very careful.

Read this article first. It talks about something opposite to what you are trying to achieve, but it can be used to accomplish what you are trying to do.
http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

And whatever files and folders the user creates, they get that permission. Is this correct? This may not be controlled from AD, as I mentioned before.
0
 

Author Comment

by:m2chaudh
ID: 35089485
That article is too confusing, there has to be something simpler to do this relatively simple task?
0
 
LVL 13

Assisted Solution

by:connectex
connectex earned 250 total points
ID: 35339356
I recently had a client's management request access to all user folders. While my solution is not perfect, it does work. So here's what I did. I created a batch file to change the permissions on all subfolders using SetACL.exe. I'm running it on the server via the Task Scheduler every day. It updates all users' folders by adding the SBS Folder Operators group with change permissions. Be sure to change line 3 to your user folder path, line 4 to the path to setacl.exe, and in line 6 change "sbs folder operators" to your desired group. Also, you can change "change" to "full" if desired.

@echo off
setlocal
set folder=d:\users\shares
set setacl="\\omnisrv1\netadmin$\utils\setacl.exe"
if not exist %setacl% goto need_setacl
for /d %%a in ("%folder%\*.*") do %setacl% -on "%%a" -ot file -actn ace -ace "n:sbs folder operators;p:change"
endlocal
goto :EOF
:need_setacl
echo.
echo ERROR - SetACL.exe is not available
endlocal

SetACL download: http://sourceforge.net/projects/setacl/files/
SetACL documentation: http://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/
0
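The two mechanisms discussed in this thread, inheritance from the parent folder and a repeated fix-up of each user folder, combined in one PowerShell script that also reports which user folders block inheritance and would therefore never pick up the group from the parent. This is an added example, not code from any poster; the path and group name are taken from the batch file above, `Modify` stands in for SetACL's "change", and the `-Apply` switch and function name are made up for illustration.

```powershell
# Added example. $Root and $Group default to the values used in the batch file above.
param(
    [string]$Root  = 'D:\Users\Shares',
    [string]$Group = 'SBS Folder Operators',
    [switch]$Apply                       # without -Apply the script only reports
)

# Resolve the group to a SID once so ACE comparison does not depend on name format.
$sid = (New-Object System.Security.Principal.NTAccount($Group)).Translate(
           [System.Security.Principal.SecurityIdentifier])
$modify = [System.Security.AccessControl.FileSystemRights]::Modify

# Allow Modify on the folder, its subfolders and its files.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $sid, $modify, 'ContainerInherit, ObjectInherit', 'None', 'Allow')

function Test-GroupHasModify($Acl) {
    # Looks at explicit and inherited ACEs alike.
    foreach ($ace in $Acl.GetAccessRules($true, $true, $sid.GetType())) {
        if ($ace.IdentityReference.Value -eq $sid.Value -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $modify) -eq $modify) { return $true }
    }
    return $false
}

# Root first: folders that inherit from it then need no ACE of their own.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer })

foreach ($dir in $folders) {
    $acl   = $dir.GetAccessControl('Access')   # DACL only; owner is left untouched
    $state = if ($acl.AreAccessRulesProtected) { 'inheritance blocked' } else { 'inherits' }

    if (Test-GroupHasModify $acl) { "OK       $($dir.FullName) ($state)"; continue }
    if (-not $Apply)              { "MISSING  $($dir.FullName) ($state)"; continue }

    $acl.AddAccessRule($rule)                  # explicit ACE on this folder
    $dir.SetAccessControl($acl)
    "GRANTED  $($dir.FullName) ($state)"
}
```

Folders reported as "inheritance blocked" are the ones that make a scheduled re-run necessary; folders that inherit are covered by the single ACE on the root, including ones created later.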
 

Author Closing Comment

by:m2chaudh
ID: 35728592
This hasn't worked, but the closest answer was what I received from you guys. My client hasn't brought this up as an "issue" so I have to put it at rest for now. I'll probably use a 3rd party program if he insists on using this feature.
0
