ryank85
asked on
Folder Permissions
Hi,
We are trying to change the folder permissions on a client user profiles and for some unknown reason the permissions aren't filtering through to the sub folders - they can access to main parent folder but 2 folders down it says access denied.
When I add the user permission I am selecting the "replace all existing inherited permissions on all descendants...... but I still have this same problem.
Am I missing something really simple here, never had this problem before.
They are using Windows SBS 2008 and I am logged in as the domain administrator
thanks
Ryan
We are trying to change the folder permissions on a client user profiles and for some unknown reason the permissions aren't filtering through to the sub folders - they can access to main parent folder but 2 folders down it says access denied.
When I add the user permission I am selecting the "replace all existing inherited permissions on all descendants...... but I still have this same problem.
Am I missing something really simple here, never had this problem before.
They are using Windows SBS 2008 and I am logged in as the domain administrator
thanks
Ryan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do not take ownership of folder at top level directly, or else it may wipe out other users permissions and granting you full control permissions
Then you need to go each subfolder (Profiles) and explicitly grant individual users permissions
Insstead you can take ownership of individual user profile folder and then grant user full control permission
If you could try MS tool subinacl to take ownership of userprofiles root folder, it might help as it will not wipe users permissions on sub folder
subinacl /subdirectories "C:\Userprofiles\*" /setowner=domain\domainuse
http://www.microsoft.com/en-in/download/details.aspx?id=23510
Mahesh
Then you need to go each subfolder (Profiles) and explicitly grant individual users permissions
Insstead you can take ownership of individual user profile folder and then grant user full control permission
If you could try MS tool subinacl to take ownership of userprofiles root folder, it might help as it will not wipe users permissions on sub folder
subinacl /subdirectories "C:\Userprofiles\*" /setowner=domain\domainuse
http://www.microsoft.com/en-in/download/details.aspx?id=23510
Mahesh
ASKER
Thanks I will give this a go later. Much appreciated.
Ryan
Ryan
ASKER
Hi,
when I run this command I get the following error -
subinacl /subdirectories "D:\UsersProfiles\john" /setowner=domain\administr
'1337 The Security ID structure is invalid'
Error when checking arguments - D:\UsersProfiles\john
Ryan
when I run this command I get the following error -
subinacl /subdirectories "D:\UsersProfiles\john" /setowner=domain\administr
'1337 The Security ID structure is invalid'
Error when checking arguments - D:\UsersProfiles\john
Ryan
You need to add \ after directory otherwise it will give error
For Example:
subinacl /noverbose /subdirectories "D:\UsersProfiles\john\" /setowner=domain\administr
OR
subinacl /noverbose /subdirectories "D:\UsersProfiles\john\*" /setowner=domain\administr
Mahesh
For Example:
subinacl /noverbose /subdirectories "D:\UsersProfiles\john\" /setowner=domain\administr
OR
subinacl /noverbose /subdirectories "D:\UsersProfiles\john\*" /setowner=domain\administr
Mahesh
Check below article for more info
http://www.techexams.net/forums/off-topic/41420-how-do-you-take-ownership-over-multiple-roaming-profiles.html
Mahesh
http://www.techexams.net/forums/off-topic/41420-how-do-you-take-ownership-over-multiple-roaming-profiles.html
Mahesh
ASKER
Ok I have done that and the command now works, however when I re run the permissions on the root folder i.e. D:\UsersProfiles\john\ and select replace all existing permissions etc it still doesn't work.
e.g. when I go into the folder one level down - D:\UsersProfiles\john\docu
security.JPG
e.g. when I go into the folder one level down - D:\UsersProfiles\john\docu
security.JPG
can you check ownership of "John" Folder
The command will just give you ownership of folder to able to provide permissions
You need to give manual permissions
if its not reflected for your ID, then probably you need to run :
subinacl /noverbose /subdirectories "D:\UsersProfiles\*" /setowner=domain\administr
This should work.
But it won't gurantee that it will not replace users permissions as well on the sub foders. Normally it don't, but we cannot gurantee it.
If sub folders are less and easily identifyable, then you can take risk.
If permissions got replaced with ownership, you can manually enforce permissions with replace option on sub folders with respective users
Mahesh
Mahesh
The command will just give you ownership of folder to able to provide permissions
You need to give manual permissions
if its not reflected for your ID, then probably you need to run :
subinacl /noverbose /subdirectories "D:\UsersProfiles\*" /setowner=domain\administr
This should work.
But it won't gurantee that it will not replace users permissions as well on the sub foders. Normally it don't, but we cannot gurantee it.
If sub folders are less and easily identifyable, then you can take risk.
If permissions got replaced with ownership, you can manually enforce permissions with replace option on sub folders with respective users
Mahesh
Mahesh
ASKER
I also had to reset the permission of the level 2 folders.
ASKER
Ryan