Folder Permissions

H_C_S
H_C_S used Ask the Experts™
on
One of our clients IT Managers would like to have full access to ALL of their company data.

Within their company data there are 3 directories - Shared Data/Profiles/Users.

Is there any way to add a blanket full access permission to every file and folder within their data? A lot of these folders don't inherit permissions so its all a bit messy really.

This is possible for Shared data, but due to ACL within profiles and users we are unable to add this permission.

We have tried XCACLS with no luck, is there an alternative program that can facilitate this request?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Lionel MMSmall Business IT Consultant

Commented:
Only success I have had is to take ownership for that user then add the required permissions with calc or xcalc or through the GUI and then give ownership back to the original owner. But as you say it can get messy and I have found that sometimes it is simply better to move or copy the data to a new root folder with the appropriate permissions.
Systems Administrator
Commented:
Set up a group add the user to that group

Give the group full permissions   Ntfs and share permissions

Commented:
You could use Powershell for that. Something like this (untested):

gci "X:\your\folder" - Recurse| % {
  $acl = get-acl $_.fullname
  $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule("username", "FullControl", "Allow")
  $acl.AddAccessRule($newRule)
  set-acl $_.fullname $acl
}

Open in new window

Replace "X:\your\folder" with the actual folder path and "username" with your IT manager's name.

HTH,
Dan
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

Author

Commented:
Issue is there are so many profiles etc taking ownership will be messy as there is a lot to break.

You mentioned a GUI, have tried a few XCACLS gui tools with no success. I think we may need to logon to data server as local admin and run rather than domain admin. Group wont work - will only apply permissions one level down and there is a lot that is not inherited.

Thanks very much Dan, that seems like the best option although we'd like something with a GUI as we're getting more requests like this from different clients.

I have attached a screenshot of what were dealing with here
EEHelp.jpg

Commented:
You can hire someone to make you a nice frontend for the powershell script. Basically all the GUI tools in Windows 7+ are frontends to powershell scripts.
Lionel MMSmall Business IT Consultant

Commented:
I suggest you write down exactly what you want the end results on each root folder to be as well as the underlying folders. There is no way, either via script or with GUI that you can do what you are asking with "affecting" the folders in question so I suggest we move the focus from what you have now and trying to add a fix to providing us with the required results so we can write a script to go through all the files and folders and give them the permissions you require--this can be done by you providing csv list of folders, users & their required permissions example
c:\users\bob, bob, full control
and so on

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial