Solved

give a user or group read permissions on folder and all subfolders

Posted on 2015-01-30
8
369 Views
Last Modified: 2015-02-03
I have a RootFolder in windows 2003 server, which is shared to everyone with read and write permissions, and security permissions are assigned all users- read/write permissions.

RootFolder has more than 2000 subfolders, this subfolders are having a lot of subfolders.
For more than half of the subfolder security permissions are assigned as follow: inheritable permissions from parent are removed, all users permissions are removed, and custom permissions are assigned(different departments and users are having different permissions assigned, thus only needed persons are having access to this subfolders or subfolders of subfolders).

And now I have to give to several users read permissions to all subfolders and files in RootFolder.

If I assign to this several users read permission on RootFolder, the permissions don't propagate to subfolders for which inheritable permissions from parent are removed. Of course there is an option "propagate permissions to subfolder " which can be used , but not in my case because I need only to propagate this permissions for a user or a security group, and not  for all listed in security tab of RootFolder, i have to remind that all users are having read/write permissions assigned to RootFolder and if i choose propagate this will overwrite everything and all users will have access to all subfolders which is bad.

Is there any way to give a read permissions for a user or security group to all folders and subfolders in RootFolder?
0
Comment
Question by:dedri
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 28

Accepted Solution

by:
serialband earned 350 total points
ID: 40581170
It's easier to do that on the command line with subinacl
Download subinacl https://www.microsoft.com/en-us/download/details.aspx?id=23510

http://windowsitpro.com/security/edit-permissions-subinacl
You can set groups or users:
subinacl  /subdirectories c:\testfolder\* /grant=example\USER=F
subinacl  /subdirectories c:\testfolder\* /grant=example\GROUP=F
0
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 150 total points
ID: 40581744
You can also do it with icacls or cacls.exe

I use cacls all the time for this type of thing.
cacls c:\folder /e /t /g user:r

Coralon
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40582633
cacls is chance, but as you know Windows 2003 is out of support, so you should upgrade as soon as possible
icacls is more powerful.
0
 

Author Comment

by:dedri
ID: 40583729
hello friends,
both command are working subinacl and cacls,
could you tell me what is the command if i want to revoke this access
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40583785
0
 
LVL 28

Expert Comment

by:serialband
ID: 40583959
subinacl /subdirectories c:\testfolder\* /revoke=example\USER
subinacl /subdirectories c:\testfolder\* /revoke=example\GROUP
0
 
LVL 24

Expert Comment

by:Coralon
ID: 40585322
cacls c:\folder /e /t /r users

Coralon
0
 

Author Closing Comment

by:dedri
ID: 40587185
10x
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now