H_C_S
asked on
Folder Permissions
One of our clients IT Managers would like to have full access to ALL of their company data.
Within their company data there are 3 directories - Shared Data/Profiles/Users.
Is there any way to add a blanket full access permission to every file and folder within their data? A lot of these folders don't inherit permissions so its all a bit messy really.
This is possible for Shared data, but due to ACL within profiles and users we are unable to add this permission.
We have tried XCACLS with no luck, is there an alternative program that can facilitate this request?
Within their company data there are 3 directories - Shared Data/Profiles/Users.
Is there any way to add a blanket full access permission to every file and folder within their data? A lot of these folders don't inherit permissions so its all a bit messy really.
This is possible for Shared data, but due to ACL within profiles and users we are unable to add this permission.
We have tried XCACLS with no luck, is there an alternative program that can facilitate this request?
Only success I have had is to take ownership for that user then add the required permissions with calc or xcalc or through the GUI and then give ownership back to the original owner. But as you say it can get messy and I have found that sometimes it is simply better to move or copy the data to a new root folder with the appropriate permissions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You could use Powershell for that. Something like this (untested):
HTH,
Dan
gci "X:\your\folder" - Recurse| % {
$acl = get-acl $_.fullname
$newRule = New-Object System.Security.AccessControl.FileSystemAccessRule("username", "FullControl", "Allow")
$acl.AddAccessRule($newRule)
set-acl $_.fullname $acl
}
Replace "X:\your\folder" with the actual folder path and "username" with your IT manager's name.HTH,
Dan
ASKER
Issue is there are so many profiles etc taking ownership will be messy as there is a lot to break.
You mentioned a GUI, have tried a few XCACLS gui tools with no success. I think we may need to logon to data server as local admin and run rather than domain admin. Group wont work - will only apply permissions one level down and there is a lot that is not inherited.
Thanks very much Dan, that seems like the best option although we'd like something with a GUI as we're getting more requests like this from different clients.
I have attached a screenshot of what were dealing with here
EEHelp.jpg
You mentioned a GUI, have tried a few XCACLS gui tools with no success. I think we may need to logon to data server as local admin and run rather than domain admin. Group wont work - will only apply permissions one level down and there is a lot that is not inherited.
Thanks very much Dan, that seems like the best option although we'd like something with a GUI as we're getting more requests like this from different clients.
I have attached a screenshot of what were dealing with here
EEHelp.jpg
You can hire someone to make you a nice frontend for the powershell script. Basically all the GUI tools in Windows 7+ are frontends to powershell scripts.
I suggest you write down exactly what you want the end results on each root folder to be as well as the underlying folders. There is no way, either via script or with GUI that you can do what you are asking with "affecting" the folders in question so I suggest we move the focus from what you have now and trying to add a fix to providing us with the required results so we can write a script to go through all the files and folders and give them the permissions you require--this can be done by you providing csv list of folders, users & their required permissions example
c:\users\bob, bob, full control
and so on
c:\users\bob, bob, full control
and so on