Solved

give a user or group read permissions on folder and all subfolders

Posted on 2015-01-30
8
366 Views
Last Modified: 2015-02-03
I have a RootFolder in windows 2003 server, which is shared to everyone with read and write permissions, and security permissions are assigned all users- read/write permissions.

RootFolder has more than 2000 subfolders, this subfolders are having a lot of subfolders.
For more than half of the subfolder security permissions are assigned as follow: inheritable permissions from parent are removed, all users permissions are removed, and custom permissions are assigned(different departments and users are having different permissions assigned, thus only needed persons are having access to this subfolders or subfolders of subfolders).

And now I have to give to several users read permissions to all subfolders and files in RootFolder.

If I assign to this several users read permission on RootFolder, the permissions don't propagate to subfolders for which inheritable permissions from parent are removed. Of course there is an option "propagate permissions to subfolder " which can be used , but not in my case because I need only to propagate this permissions for a user or a security group, and not  for all listed in security tab of RootFolder, i have to remind that all users are having read/write permissions assigned to RootFolder and if i choose propagate this will overwrite everything and all users will have access to all subfolders which is bad.

Is there any way to give a read permissions for a user or security group to all folders and subfolders in RootFolder?
0
Comment
Question by:dedri
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 27

Accepted Solution

by:
serialband earned 350 total points
Comment Utility
It's easier to do that on the command line with subinacl
Download subinacl https://www.microsoft.com/en-us/download/details.aspx?id=23510

http://windowsitpro.com/security/edit-permissions-subinacl
You can set groups or users:
subinacl  /subdirectories c:\testfolder\* /grant=example\USER=F
subinacl  /subdirectories c:\testfolder\* /grant=example\GROUP=F
0
 
LVL 23

Assisted Solution

by:Coralon
Coralon earned 150 total points
Comment Utility
You can also do it with icacls or cacls.exe

I use cacls all the time for this type of thing.
cacls c:\folder /e /t /g user:r

Coralon
0
 
LVL 16

Expert Comment

by:Carol Chisholm
Comment Utility
cacls is chance, but as you know Windows 2003 is out of support, so you should upgrade as soon as possible
icacls is more powerful.
0
 

Author Comment

by:dedri
Comment Utility
hello friends,
both command are working subinacl and cacls,
could you tell me what is the command if i want to revoke this access
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 16

Expert Comment

by:Carol Chisholm
Comment Utility
0
 
LVL 27

Expert Comment

by:serialband
Comment Utility
subinacl /subdirectories c:\testfolder\* /revoke=example\USER
subinacl /subdirectories c:\testfolder\* /revoke=example\GROUP
0
 
LVL 23

Expert Comment

by:Coralon
Comment Utility
cacls c:\folder /e /t /r users

Coralon
0
 

Author Closing Comment

by:dedri
Comment Utility
10x
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now