Why it takes so much time to change rights on folder that inherent?

Posted on 2011-10-06
Last Modified: 2012-05-12

Lets say I have a folder named PIC.
in this folder i have 1 million picture files, some are into other folders inside.
all the files and folders are set to inherent from parent , from PIC.

why when i change rights on PIC, like adding a specific user with read and list access.
it takes alot of time. it working on every file under that foldet and setting rights, why ?

Its on 2008 R2 Server, is there a way to change this ? Many Project managers on the nas says it takes alot of time to change rights.
Question by:yairge
    LVL 13

    Accepted Solution

    The reason is those rights need to be applied to every file inside of that folder.  There is no way to change this except for perhaps turning off inheritance.

    This of course would defeat the purpose of assigning the permissions.

    The best thing to do is create security groups that have access, then you can just add people to those security groups as needed.
    LVL 6

    Assisted Solution


    Permissions and security descriptors
    Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. The security descriptor is automatically created along with the container or object that is created. A typical example of an object with a security descriptor is a file.

    Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups. For example, for the file Temp.dat, the Administrator group might be assigned read, write, and delete permissions, while the Operator group might be assigned Read and Write permissions only.

    Each assignment of permissions to a user or group is known as a permission entry, which is a type of access control entry (ACE). The entire set of permission entries in a security descriptor is known as a permission set or access control list (ACL). Thus, for a file named Temp.dat, the permission set includes two permission entries, one for the Administrator group and one for the Operator group.

    For Active Directory objects, not only will the specified objects in the Apply onto field inherit the access control entries but ALL child objects will receive a copy of that ACE. The child objects not specified in the Apply onto field will not utilize the ACE whose copy they receive but if there are enough objects that will get copies of this ACE, then that increased amount of data can cause serious performance problems to your network.
    LVL 6

    Expert Comment

    In other words, As BCipollone states, All files need to change there permission attributes. It has to scan every file to see what is there and change it to reflect what you want
    LVL 37

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Usually shares are where we want them for our users and we tend to take them for granted. There are times, however, when those shares may disappear causing difficulty for your users. One of the first things to try is searching for files that shou…
    Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
    This tutorial will walk an individual through the process of upgrading their existing Backup Exec 2012 to 2014. Either install the CD\DVD into the drive and let it auto-start, or browse to the drive and double-click the Browser file: Select the ap…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now