Avatar of ryank85
ryank85 asked on

Folder Permissions

Hi,

We are trying to change the folder permissions on a client user profiles and for some unknown reason the permissions aren't filtering through to the sub folders - they can access to main parent folder but 2 folders down it says access denied.

When I add the user permission I am selecting the "replace all existing inherited permissions on all descendants...... but I still have this same problem.

Am I missing something really simple here, never had this problem before.

They are using Windows SBS 2008 and I am logged in as the domain administrator

thanks
Ryan
OutlookSBSOS Security

Avatar of undefined
Last Comment
ryank85

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Mahesh

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
ryank85

Thanks. So I need to make sure the domain admin is the owner of the top level folder I.e 'userprofiles' or the folder below of the 'username'

Ryan
Mahesh

Do not take ownership of folder at top level directly, or else it may wipe out other users permissions and granting you full control permissions
Then you need to go each subfolder (Profiles) and explicitly grant individual users permissions

Insstead you can take ownership of individual user profile folder and then grant user full control permission

If you could try MS tool subinacl to take ownership of userprofiles root folder, it might help as it will not wipe users permissions on sub folder

subinacl /subdirectories "C:\Userprofiles\*" /setowner=domain\domainuser

http://www.microsoft.com/en-in/download/details.aspx?id=23510
Mahesh
ASKER
ryank85

Thanks I will give this a go later. Much appreciated.

Ryan
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
ryank85

Hi,

when I run this command I get the following error -

subinacl /subdirectories "D:\UsersProfiles\john" /setowner=domain\administrator

'1337 The Security ID structure is invalid'

Error when checking arguments - D:\UsersProfiles\john


Ryan
Mahesh

You need to add \ after directory otherwise it will give error

For Example:
subinacl /noverbose /subdirectories "D:\UsersProfiles\john\" /setowner=domain\administrator

OR

subinacl /noverbose /subdirectories "D:\UsersProfiles\john\*" /setowner=domain\administrator

Mahesh
Mahesh

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
ryank85

Ok I have done that and the command now works, however when I re run the permissions on the root folder i.e. D:\UsersProfiles\john\ and select replace all existing permissions etc it still doesn't work.

e.g. when I go into the folder one level down - D:\UsersProfiles\john\documents and right click and look at the permissions it has John in the list however no ticks underneath saying he has any permissions
security.JPG
Mahesh

can you check ownership of "John" Folder
The command will just give you ownership of folder to able to provide permissions
You need to give manual permissions

if its not reflected for your ID, then probably you need to run :

subinacl /noverbose /subdirectories "D:\UsersProfiles\*" /setowner=domain\administrator

This should work.
But it won't gurantee that it will not replace users permissions as well on the sub foders. Normally it don't, but we cannot gurantee it.
If sub folders are less and easily identifyable, then you can take risk.
If permissions got replaced with ownership, you can manually enforce permissions with replace option on sub folders with respective users

Mahesh

Mahesh
ASKER
ryank85

I also had to reset the permission of the level 2 folders.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy