Solved

give a user or group read permissions on folder and all subfolders

Posted on 2015-01-30
8
388 Views
Last Modified: 2015-02-03
I have a RootFolder in windows 2003 server, which is shared to everyone with read and write permissions, and security permissions are assigned all users- read/write permissions.

RootFolder has more than 2000 subfolders, this subfolders are having a lot of subfolders.
For more than half of the subfolder security permissions are assigned as follow: inheritable permissions from parent are removed, all users permissions are removed, and custom permissions are assigned(different departments and users are having different permissions assigned, thus only needed persons are having access to this subfolders or subfolders of subfolders).

And now I have to give to several users read permissions to all subfolders and files in RootFolder.

If I assign to this several users read permission on RootFolder, the permissions don't propagate to subfolders for which inheritable permissions from parent are removed. Of course there is an option "propagate permissions to subfolder " which can be used , but not in my case because I need only to propagate this permissions for a user or a security group, and not  for all listed in security tab of RootFolder, i have to remind that all users are having read/write permissions assigned to RootFolder and if i choose propagate this will overwrite everything and all users will have access to all subfolders which is bad.

Is there any way to give a read permissions for a user or security group to all folders and subfolders in RootFolder?
0
Comment
Question by:dedri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 30

Accepted Solution

by:
serialband earned 350 total points
ID: 40581170
It's easier to do that on the command line with subinacl
Download subinacl https://www.microsoft.com/en-us/download/details.aspx?id=23510

http://windowsitpro.com/security/edit-permissions-subinacl
You can set groups or users:
subinacl  /subdirectories c:\testfolder\* /grant=example\USER=F
subinacl  /subdirectories c:\testfolder\* /grant=example\GROUP=F
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 150 total points
ID: 40581744
You can also do it with icacls or cacls.exe

I use cacls all the time for this type of thing.
cacls c:\folder /e /t /g user:r

Coralon
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40582633
cacls is chance, but as you know Windows 2003 is out of support, so you should upgrade as soon as possible
icacls is more powerful.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:dedri
ID: 40583729
hello friends,
both command are working subinacl and cacls,
could you tell me what is the command if i want to revoke this access
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40583785
0
 
LVL 30

Expert Comment

by:serialband
ID: 40583959
subinacl /subdirectories c:\testfolder\* /revoke=example\USER
subinacl /subdirectories c:\testfolder\* /revoke=example\GROUP
0
 
LVL 25

Expert Comment

by:Coralon
ID: 40585322
cacls c:\folder /e /t /r users

Coralon
0
 

Author Closing Comment

by:dedri
ID: 40587185
10x
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question