jskfan
asked on
Domain Admin and share/folder permissions
I would like to know if a Domain Admin has ,by default, full control permission on the shares and NTFS folders.
I believe Domain Admin can add his account and give it Full control on the NTFS folders and Share permissions, but not by default. I could be wrong.
any comments on this ?
thanks
I believe Domain Admin can add his account and give it Full control on the NTFS folders and Share permissions, but not by default. I could be wrong.
any comments on this ?
thanks
As long as you haven't altered any permissions to begin with then yes Domain Admins always have permission. The only way you could have screwed this up was to remove inheritance on the advanced portion of the sharing/security.
ASKER
Sometimes as a domain admin, when I use : \\servername\sharename
I can see some folders but some of them I cannot, does that mean they removed the inheritance on the folders I cannot see ?
I can see some folders but some of them I cannot, does that mean they removed the inheritance on the folders I cannot see ?
That could potentially mean that those folders were "unshared." RDP to the server, navigate to those folders you can't see when you go \\servername\share and right click and properties and make sure that they are set to both inherit permissions and be shared.
Inheritance does not automatically include admins, it simply means it gets permissions from its parent. If admins were removed from the root of a drive, or were never there when the drive was created, then it would not be in the children even if inheritance is on.
If you need to get access to them you can, but be careful.
You should already be a member of local Administrators group (it should include Domain Admins).
Go into the security properties of the folder you dont see, look at the current owner.
Make sure the current owner has full permissions.
Take ownership of the folder (best is Administrators).
Grant yourself, or better yet Administrators full permissions.
Look at inheritance.
In some organizations, full permissions to some data is removed from the admins.
Like in a Bank, the IT staff should not have access to all the data.
So consider this when you are granting yourself permissions to stuff, will someone in your organization jam you up for it?
If you need to get access to them you can, but be careful.
You should already be a member of local Administrators group (it should include Domain Admins).
Go into the security properties of the folder you dont see, look at the current owner.
Make sure the current owner has full permissions.
Take ownership of the folder (best is Administrators).
Grant yourself, or better yet Administrators full permissions.
Look at inheritance.
In some organizations, full permissions to some data is removed from the admins.
Like in a Bank, the IT staff should not have access to all the data.
So consider this when you are granting yourself permissions to stuff, will someone in your organization jam you up for it?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That is supposed to happen but in my long experience I have seen situations where it does not. Bottom line is to not make any assumptions, check everything and find the root cause.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you Guys
ASKER
Thanks
Any of this can be changed so don't assume.