Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

give a user or group read permissions on folder and all subfolders

Posted on 2015-01-30
8
375 Views
Last Modified: 2015-02-03
I have a RootFolder in windows 2003 server, which is shared to everyone with read and write permissions, and security permissions are assigned all users- read/write permissions.

RootFolder has more than 2000 subfolders, this subfolders are having a lot of subfolders.
For more than half of the subfolder security permissions are assigned as follow: inheritable permissions from parent are removed, all users permissions are removed, and custom permissions are assigned(different departments and users are having different permissions assigned, thus only needed persons are having access to this subfolders or subfolders of subfolders).

And now I have to give to several users read permissions to all subfolders and files in RootFolder.

If I assign to this several users read permission on RootFolder, the permissions don't propagate to subfolders for which inheritable permissions from parent are removed. Of course there is an option "propagate permissions to subfolder " which can be used , but not in my case because I need only to propagate this permissions for a user or a security group, and not  for all listed in security tab of RootFolder, i have to remind that all users are having read/write permissions assigned to RootFolder and if i choose propagate this will overwrite everything and all users will have access to all subfolders which is bad.

Is there any way to give a read permissions for a user or security group to all folders and subfolders in RootFolder?
0
Comment
Question by:dedri
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 29

Accepted Solution

by:
serialband earned 350 total points
ID: 40581170
It's easier to do that on the command line with subinacl
Download subinacl https://www.microsoft.com/en-us/download/details.aspx?id=23510

http://windowsitpro.com/security/edit-permissions-subinacl
You can set groups or users:
subinacl  /subdirectories c:\testfolder\* /grant=example\USER=F
subinacl  /subdirectories c:\testfolder\* /grant=example\GROUP=F
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 150 total points
ID: 40581744
You can also do it with icacls or cacls.exe

I use cacls all the time for this type of thing.
cacls c:\folder /e /t /g user:r

Coralon
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40582633
cacls is chance, but as you know Windows 2003 is out of support, so you should upgrade as soon as possible
icacls is more powerful.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:dedri
ID: 40583729
hello friends,
both command are working subinacl and cacls,
could you tell me what is the command if i want to revoke this access
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40583785
0
 
LVL 29

Expert Comment

by:serialband
ID: 40583959
subinacl /subdirectories c:\testfolder\* /revoke=example\USER
subinacl /subdirectories c:\testfolder\* /revoke=example\GROUP
0
 
LVL 25

Expert Comment

by:Coralon
ID: 40585322
cacls c:\folder /e /t /r users

Coralon
0
 

Author Closing Comment

by:dedri
ID: 40587185
10x
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question