Solved

Folder Permissions

Posted on 2014-11-10
6
151 Views
Last Modified: 2015-05-05
One of our clients IT Managers would like to have full access to ALL of their company data.

Within their company data there are 3 directories - Shared Data/Profiles/Users.

Is there any way to add a blanket full access permission to every file and folder within their data? A lot of these folders don't inherit permissions so its all a bit messy really.

This is possible for Shared data, but due to ACL within profiles and users we are unable to add this permission.

We have tried XCACLS with no luck, is there an alternative program that can facilitate this request?
0
Comment
Question by:H_C_S
6 Comments
 
LVL 25

Expert Comment

by:Lionel MM
ID: 40434002
Only success I have had is to take ownership for that user then add the required permissions with calc or xcalc or through the GUI and then give ownership back to the original owner. But as you say it can get messy and I have found that sometimes it is simply better to move or copy the data to a new root folder with the appropriate permissions.
0
 
LVL 23

Accepted Solution

by:
Thomas Grassi earned 500 total points
ID: 40434092
Set up a group add the user to that group

Give the group full permissions   Ntfs and share permissions
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 40434331
You could use Powershell for that. Something like this (untested):

gci "X:\your\folder" - Recurse| % {
  $acl = get-acl $_.fullname
  $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule("username", "FullControl", "Allow")
  $acl.AddAccessRule($newRule)
  set-acl $_.fullname $acl
}

Open in new window

Replace "X:\your\folder" with the actual folder path and "username" with your IT manager's name.

HTH,
Dan
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:H_C_S
ID: 40434765
Issue is there are so many profiles etc taking ownership will be messy as there is a lot to break.

You mentioned a GUI, have tried a few XCACLS gui tools with no success. I think we may need to logon to data server as local admin and run rather than domain admin. Group wont work - will only apply permissions one level down and there is a lot that is not inherited.

Thanks very much Dan, that seems like the best option although we'd like something with a GUI as we're getting more requests like this from different clients.

I have attached a screenshot of what were dealing with here
EEHelp.jpg
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 40434810
You can hire someone to make you a nice frontend for the powershell script. Basically all the GUI tools in Windows 7+ are frontends to powershell scripts.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 40435615
I suggest you write down exactly what you want the end results on each root folder to be as well as the underlying folders. There is no way, either via script or with GUI that you can do what you are asking with "affecting" the folders in question so I suggest we move the focus from what you have now and trying to add a fix to providing us with the required results so we can write a script to go through all the files and folders and give them the permissions you require--this can be done by you providing csv list of folders, users & their required permissions example
c:\users\bob, bob, full control
and so on
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question