Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

NTFS Permissions - Remove group from top parent folder which got inherited

Posted on 2014-11-17
4
Medium Priority
?
120 Views
Last Modified: 2015-01-14
I have a group which is granted NTFS permissions on top Level of a shared folder.  The shared folder is used for homedrives.

I need to get rid of the complete group, how should I do this?  I need to delete the group in AD and remove all the permissions which is granted to the group.  Please see attached screenshots.  I am talking about the group NSMProxyRights.

thanks
SU-Permissions1.jpg
SU-Permissions2.jpg
0
Comment
Question by:whenz
  • 2
4 Comments
 
LVL 5

Expert Comment

by:A Karelin
ID: 40446929
Delete this group on Share tab and Security tab and then in AD.
0
 

Author Comment

by:whenz
ID: 40446985
But what happens to child folders?  Are the permissions overwritten again from the parent folder once I remove the group?  

How about this plan?:
 1. write a powershell script which disables inheritance and leaves the permissions incl inherited permissions as they are.
 2. remove the group from the ntfs permissions using a powershell script.
 3. enable inheritance again.
0
 
LVL 5

Accepted Solution

by:
A Karelin earned 1200 total points
ID: 40447099
If inheritance is OK permissions will deleted correctly from top folder to child folders and files.
0
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 800 total points
ID: 40447324
that or it will be orphaned  and since the SID doesn't translate to any account it is effectively useless.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question