How to grant full control to a directory tree?

On Windows Server 2012, I am trying to grant myself "full control" on a directory tree.  Using "command prompt" and "running as administrator", I executed

icacls <filePath> /grant:r <domainName>\<userName>:(OI)(CI)F /inheritance:e

Here is a synopsis of the command arguments:

   /grant:r        grant, replacing previous permissions
   (OI)            object inherit
   (CI)            container inherit
   F               full control
   /inheritance:e  enables inheritance

This command runs, but does not grant me full control of the entire directory tree.  While running as domainName\userName, I still get "Permission denied" errors.  Apparently, I am not doing something quite right.
CFS_developer asked:

Mitchell Milligan (Information Technology Network Administrator) commented:
You may have to force ownership of the folder before you can edit those permissions on it.  Try this to take ownership first, then try that command:

To Take Ownership of a Folder or Drive using TAKEOWN Command
NOTE: This command will take ownership of the folder or drive, and all files and subfolders in the folder or drive.


A) In the elevated command prompt, type the command you want below, press Enter, and go to step 5 below.
NOTE: Substitute full path of folder or drive with the full path of the folder or drive letter that you want to take ownership of within quotes.


(To grant currently logged on user ownership of)

takeown /F "full path of folder or drive" /R /D Y


(To grant administrators group ownership of)

takeown /F "full path of folder or drive" /A /R /D Y


For example:

takeown /F "F:" /A /R /D Y

takeown /F "F:\Folder" /A /R /D Y

Source: http://www.eightforums.com/tutorials/2808-take-ownership-file-folder-drive-registry-key-windows-8-a.html

This should work the same for Server 2012 since it works for Windows 8.  Continue to run the cmd as administrator, and this should help you out!


Additionally, you may have to force the permissions to cascade through the directory, this is a known bug on S2012 sometimes.  To do this, you can follow these instructions at technet: http://social.technet.microsoft.com/Forums/windowsserver/en-US/8d17c211-264c-4570-ad33-8643dd66e4d1/cant-take-ownership-of-files-with-take-own-get-access-diened?forum=winserverfiles
0

Lee W, MVP (Technology and Business Process Advisor) commented:
First of all, you should NEVER assign permissions to an account.  Think how long it's going to take to change the permissions on everything and what happens if you later want to add another person to have full control?

Create a GROUP, put yourself into that group, and assign full control to the group.  Later, if you want to add or remove people from access, it's as simple (AND FAST) as adding or removing them to the group.

Second, as stated above, take ownership of everything.  Then you can change permissions.
0
Mitchell Milligan (Information Technology Network Administrator) commented:
Lee is correct, you should create a group first, then assign that group.  That slipped my mind, but thanks for the input Lee.
0
CFS_developer (Author) commented:
If I create a group, how do I recursively assign ownership to that group?  The takeown command only assigns to the user running the program or to the administrators group.
0
Lee W, MVP (Technology and Business Process Advisor) commented:
Take ownership for you and then assign the group.  There's always going to be a first, so to speak, when you need to change something, but by using a group you won't waste your time EVERY time in the future.
0
CFS_developer (Author) commented:
The Windows commands to recursively adjust file permissions failed on some of the files and folders.  My solution was to utilize Cygwin's unix-type utilities in conjunction with Windows commands:

chmod -R ugo+rwx fileName
takeown /F fileName /R
icacls fileName /grant:r domain\user:(OI)(CI)F /inheritance:e
chmod -R o-rwx fileName

Most likely, some of the above commands are superfluous, but the overall flow worked.  Good enough.  

Cygwin is available from  http://www.cygwin.com/

Now that I have personal ownership and access for the directory tree, I can concern myself with group assignment.

Thanks everybody for your help.
0
CFS_developer (Author) commented:
My comment does indeed provide part of the solution.
0
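
The advice given in this thread (take ownership first, then grant full control to a group rather than to a user account) combined into one batch script. This is an added example, not code posted by any participant; the script name, the path and the group EXAMPLE\ProjectAdmins are placeholders, and the group is assumed to exist already. It uses the /T switch because icacls otherwise changes only the path named on the command line.

```bat
@echo off
rem Added example, not from the thread. Hypothetical usage:
rem   grant-tree.cmd "D:\Data\Project" "EXAMPLE\ProjectAdmins"
rem Assumes the target is a directory given without a trailing backslash
rem and that the group already exists.
setlocal
set "TARGET=%~1"
set "GROUP=%~2"
if "%TARGET%"=="" goto usage
if "%GROUP%"=="" goto usage
if not exist "%TARGET%" echo Path not found: "%TARGET%" & exit /b 2

rem takeown and icacls need elevation; "net session" fails in a non-elevated prompt.
net session >nul 2>&1
if errorlevel 1 echo Run this from an elevated command prompt. & exit /b 5

rem 1. Give ownership of the whole tree to the Administrators group (/A).
rem    /R recurses; /D Y answers "yes" when a folder cannot be listed.
takeown /F "%TARGET%" /A /R /D Y >nul
if errorlevel 1 echo WARNING: takeown reported failures.

rem 2. Grant the group full control on the root only. (OI)(CI) makes the
rem    entry inheritable by files and subfolders; /grant:r replaces any
rem    earlier explicit entry for the same group.
icacls "%TARGET%" /grant:r "%GROUP%:(OI)(CI)F"
if errorlevel 1 exit /b 1

rem 3. Re-enable inheritance on every child so the entry from step 2
rem    reaches it. /T recurses, /C continues past errors, /Q hides the
rem    per-file success messages so only failures are printed.
icacls "%TARGET%\*" /inheritance:e /T /C /Q
if errorlevel 1 echo WARNING: icacls reported failures on some items.

rem 4. Print the ACL on the root for a quick check of the result.
icacls "%TARGET%"
exit /b 0

:usage
echo Usage: %~nx0 ^<path^> ^<DOMAIN\Group^>
exit /b 1
```

Explicit deny entries already present on child items survive step 3 and still take precedence over the inherited allow entry. Ownership stays with Administrators; members of the group get access through the inherited entry.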
Question has a verified solution.
