Folder Permissions

One of our clients IT Managers would like to have full access to ALL of their company data.

Within their company data there are 3 directories - Shared Data/Profiles/Users.

Is there any way to add a blanket full access permission to every file and folder within their data? A lot of these folders don't inherit permissions so its all a bit messy really.

This is possible for Shared data, but due to ACL within profiles and users we are unable to add this permission.

We have tried XCACLS with no luck, is there an alternative program that can facilitate this request?
H_C_SAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lionel MMSmall Business IT ConsultantCommented:
Only success I have had is to take ownership for that user then add the required permissions with calc or xcalc or through the GUI and then give ownership back to the original owner. But as you say it can get messy and I have found that sometimes it is simply better to move or copy the data to a new root folder with the appropriate permissions.
0
Thomas GrassiSystems AdministratorCommented:
Set up a group add the user to that group

Give the group full permissions   Ntfs and share permissions
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dan CraciunIT ConsultantCommented:
You could use Powershell for that. Something like this (untested):

gci "X:\your\folder" - Recurse| % {
  $acl = get-acl $_.fullname
  $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule("username", "FullControl", "Allow")
  $acl.AddAccessRule($newRule)
  set-acl $_.fullname $acl
}

Open in new window

Replace "X:\your\folder" with the actual folder path and "username" with your IT manager's name.

HTH,
Dan
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

H_C_SAuthor Commented:
Issue is there are so many profiles etc taking ownership will be messy as there is a lot to break.

You mentioned a GUI, have tried a few XCACLS gui tools with no success. I think we may need to logon to data server as local admin and run rather than domain admin. Group wont work - will only apply permissions one level down and there is a lot that is not inherited.

Thanks very much Dan, that seems like the best option although we'd like something with a GUI as we're getting more requests like this from different clients.

I have attached a screenshot of what were dealing with here
EEHelp.jpg
0
Dan CraciunIT ConsultantCommented:
You can hire someone to make you a nice frontend for the powershell script. Basically all the GUI tools in Windows 7+ are frontends to powershell scripts.
0
Lionel MMSmall Business IT ConsultantCommented:
I suggest you write down exactly what you want the end results on each root folder to be as well as the underlying folders. There is no way, either via script or with GUI that you can do what you are asking with "affecting" the folders in question so I suggest we move the focus from what you have now and trying to add a fix to providing us with the required results so we can write a script to go through all the files and folders and give them the permissions you require--this can be done by you providing csv list of folders, users & their required permissions example
c:\users\bob, bob, full control
and so on
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.