give a user or group read permissions on folder and all subfolders

Posted on 2015-01-30
Last Modified: 2015-02-03
I have a RootFolder in windows 2003 server, which is shared to everyone with read and write permissions, and security permissions are assigned all users- read/write permissions.

RootFolder has more than 2000 subfolders, this subfolders are having a lot of subfolders.
For more than half of the subfolder security permissions are assigned as follow: inheritable permissions from parent are removed, all users permissions are removed, and custom permissions are assigned(different departments and users are having different permissions assigned, thus only needed persons are having access to this subfolders or subfolders of subfolders).

And now I have to give to several users read permissions to all subfolders and files in RootFolder.

If I assign to this several users read permission on RootFolder, the permissions don't propagate to subfolders for which inheritable permissions from parent are removed. Of course there is an option "propagate permissions to subfolder " which can be used , but not in my case because I need only to propagate this permissions for a user or a security group, and not  for all listed in security tab of RootFolder, i have to remind that all users are having read/write permissions assigned to RootFolder and if i choose propagate this will overwrite everything and all users will have access to all subfolders which is bad.

Is there any way to give a read permissions for a user or security group to all folders and subfolders in RootFolder?
Question by:dedri
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 29

Accepted Solution

serialband earned 350 total points
ID: 40581170
It's easier to do that on the command line with subinacl
Download subinacl
You can set groups or users:
subinacl  /subdirectories c:\testfolder\* /grant=example\USER=F
subinacl  /subdirectories c:\testfolder\* /grant=example\GROUP=F
LVL 25

Assisted Solution

Coralon earned 150 total points
ID: 40581744
You can also do it with icacls or cacls.exe

I use cacls all the time for this type of thing.
cacls c:\folder /e /t /g user:r

LVL 16

Expert Comment

by:Carol Chisholm
ID: 40582633
cacls is chance, but as you know Windows 2003 is out of support, so you should upgrade as soon as possible
icacls is more powerful.
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.


Author Comment

ID: 40583729
hello friends,
both command are working subinacl and cacls,
could you tell me what is the command if i want to revoke this access
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40583785
LVL 29

Expert Comment

ID: 40583959
subinacl /subdirectories c:\testfolder\* /revoke=example\USER
subinacl /subdirectories c:\testfolder\* /revoke=example\GROUP
LVL 25

Expert Comment

ID: 40585322
cacls c:\folder /e /t /r users


Author Closing Comment

ID: 40587185

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question