Solved

Folder Permissions

Posted on 2013-12-04
10
268 Views
Last Modified: 2014-01-07
Hi,

We are trying to change the folder permissions on a client user profiles and for some unknown reason the permissions aren't filtering through to the sub folders - they can access to main parent folder but 2 folders down it says access denied.

When I add the user permission I am selecting the "replace all existing inherited permissions on all descendants...... but I still have this same problem.

Am I missing something really simple here, never had this problem before.

They are using Windows SBS 2008 and I am logged in as the domain administrator

thanks
Ryan
0
Comment
Question by:ryank85
  • 5
  • 5
10 Comments
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39697611
1st you need to take folder ownership through advanced NTFS security permissions, then you can flow required users reqquired access from top to bottom with replace option.

Mahesh
0
 

Author Comment

by:ryank85
ID: 39697619
Thanks. So I need to make sure the domain admin is the owner of the top level folder I.e 'userprofiles' or the folder below of the 'username'

Ryan
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39697652
Do not take ownership of folder at top level directly, or else it may wipe out other users permissions and granting you full control permissions
Then you need to go each subfolder (Profiles) and explicitly grant individual users permissions

Insstead you can take ownership of individual user profile folder and then grant user full control permission

If you could try MS tool subinacl to take ownership of userprofiles root folder, it might help as it will not wipe users permissions on sub folder

subinacl /subdirectories "C:\Userprofiles\*" /setowner=domain\domainuser

http://www.microsoft.com/en-in/download/details.aspx?id=23510
Mahesh
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:ryank85
ID: 39697680
Thanks I will give this a go later. Much appreciated.

Ryan
0
 

Author Comment

by:ryank85
ID: 39698124
Hi,

when I run this command I get the following error -

subinacl /subdirectories "D:\UsersProfiles\john" /setowner=domain\administrator

'1337 The Security ID structure is invalid'

Error when checking arguments - D:\UsersProfiles\john


Ryan
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39698141
You need to add \ after directory otherwise it will give error

For Example:
subinacl /noverbose /subdirectories "D:\UsersProfiles\john\" /setowner=domain\administrator

OR

subinacl /noverbose /subdirectories "D:\UsersProfiles\john\*" /setowner=domain\administrator

Mahesh
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39698148
0
 

Author Comment

by:ryank85
ID: 39698168
Ok I have done that and the command now works, however when I re run the permissions on the root folder i.e. D:\UsersProfiles\john\ and select replace all existing permissions etc it still doesn't work.

e.g. when I go into the folder one level down - D:\UsersProfiles\john\documents and right click and look at the permissions it has John in the list however no ticks underneath saying he has any permissions
security.JPG
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39698222
can you check ownership of "John" Folder
The command will just give you ownership of folder to able to provide permissions
You need to give manual permissions

if its not reflected for your ID, then probably you need to run :

subinacl /noverbose /subdirectories "D:\UsersProfiles\*" /setowner=domain\administrator

This should work.
But it won't gurantee that it will not replace users permissions as well on the sub foders. Normally it don't, but we cannot gurantee it.
If sub folders are less and easily identifyable, then you can take risk.
If permissions got replaced with ownership, you can manually enforce permissions with replace option on sub folders with respective users

Mahesh

Mahesh
0
 

Author Closing Comment

by:ryank85
ID: 39761722
I also had to reset the permission of the level 2 folders.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Set time on server to sync with the internet clock 22 69
IT Desktop Support 11 66
Need to disable SSL Cipher 7 58
How to log the IP address of a failed login attempt 6 30
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
Read this checklist to learn more about the 15 things you should never include in an email signature.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

774 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question