Fubr
asked on
Delegate User to Set Permissions on File Server
Hello Experts,
I am having an issue setting up a user to be able to change permissions on a folder and subfolders on a file server.
The file server is 2008 R2 and in a domain. I am the only administrator.
I have given this user (userA) the Full control permissions for this folder, and he can make, save, delete just fine. But he cannot change permissions of any subfolders in this folder.
Let me explain the situation….
Management wants all CAD models placed in the “PARTS” folder with userA being the only one to have read, write (full control) of this folder.
Inside the Parts folder is a folder named for each part number. Inside each part number folder is 4 folders (Master, Original, QA, Tooling).
The permissions are inherited from the parent as follows;
UserA = Full Control
Engineering = read & execute, list folder contents, read
I would like to have UserA to be in charge of this folder/subfolders and be able to change the permissions on the QA and Tooling folders, so Engineering group would have “Modify” rights on just these two folders.
(hope this all makes since)
How do I delegate rights for this user (UserA) to be able to do this without him being an admin of the server?
Client computers are Windows XP and Windows 7 pro.
The Parts folder is shared and users have the Parts folder mapped to their computers.
Sounds like a lot of micro-managing (and it is), if someone has a better solution, would like to here.
Thanks
Fubr
I am having an issue setting up a user to be able to change permissions on a folder and subfolders on a file server.
The file server is 2008 R2 and in a domain. I am the only administrator.
I have given this user (userA) the Full control permissions for this folder, and he can make, save, delete just fine. But he cannot change permissions of any subfolders in this folder.
Let me explain the situation….
Management wants all CAD models placed in the “PARTS” folder with userA being the only one to have read, write (full control) of this folder.
Inside the Parts folder is a folder named for each part number. Inside each part number folder is 4 folders (Master, Original, QA, Tooling).
The permissions are inherited from the parent as follows;
UserA = Full Control
Engineering = read & execute, list folder contents, read
I would like to have UserA to be in charge of this folder/subfolders and be able to change the permissions on the QA and Tooling folders, so Engineering group would have “Modify” rights on just these two folders.
(hope this all makes since)
How do I delegate rights for this user (UserA) to be able to do this without him being an admin of the server?
Client computers are Windows XP and Windows 7 pro.
The Parts folder is shared and users have the Parts folder mapped to their computers.
Sounds like a lot of micro-managing (and it is), if someone has a better solution, would like to here.
Thanks
Fubr
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes you can grant ownership and access to groups through Subinacl
The above syntax is for just for reference
Make sure you have logged on server with account having local administrators group membership.
Instead of providing permissions to GroupA grant ownership to local server administrators group
subinacl /subdirectories "c:\folder\*.*" /setowner=servername\admin istrators
Then
subinacl /subdirectories "c:\folder\" /grant=your_domain\UserA =F
Then just logoff server and user workstation as well once and check if you got access as expected ?
Alternatively you can try GUI method mentioned above
Mahesh
The above syntax is for just for reference
Make sure you have logged on server with account having local administrators group membership.
Instead of providing permissions to GroupA grant ownership to local server administrators group
subinacl /subdirectories "c:\folder\*.*" /setowner=servername\admin
Then
subinacl /subdirectories "c:\folder\" /grant=your_domain\UserA =F
Then just logoff server and user workstation as well once and check if you got access as expected ?
Alternatively you can try GUI method mentioned above
Mahesh
ASKER
Hey Mahesh,
Couldn't get it to work with the subinacl.
But I was able to get it going with the GUI method as you explain.
Thank you
Fubr
Couldn't get it to work with the subinacl.
But I was able to get it going with the GUI method as you explain.
Thank you
Fubr
Thanks
Just check below thread on same topic which shade some more light on this and to avoid this issue in future.
https://www.experts-exchange.com/questions/28307926/Owner.html
Mahesh
Just check below thread on same topic which shade some more light on this and to avoid this issue in future.
https://www.experts-exchange.com/questions/28307926/Owner.html
Mahesh
ASKER
I tried both and still get "access denied" when I have the userA try to change permission on QA and Tooling folders.
Now the only thing I did different, was I created a group (GroupA) adding user to this group and use this instead of UserA. Will subinacl still work on a group instead of user?
Permissions show GroupA as Full control
subinacl shows all good in command prompt
(Done: 2049, Modified: 2049, Failed: 0, Syntax errors: 0)
Any ideas??
Thanks
Fubr