asked on
How to grant explicity permission modify to a user on a child folder in windows 2012
I am trying to grant explicitly modify access to a domain user on a child object which is 2 level down. Only the system and the local admin along with this user should have full access to this child object/folder. Effective permissions test shows that this user has required access (except- Full Control, take ownership, change permissions), but unable to create folders in it.
Windows Server 2012Microsoft Legacy OSMicrosoft Server OS
Last Comment
Member_2_7702693
I would check to make sure the folder is not inheriting permissions from the folder above it, then reapply the permissions
ASKER
Inheritance has been disabled, and all inherited permissions removed accept system/local admin/domain admin/specific domain user. In effective access tab in Windows 2012 I found the user doesn't have proper permission though the user has modify permissions. Refer attached.
Effective-permissions-on-child-folder-in
Effective-permissions-on-child-folder-in
Effective permissions showing that user only has read access
After you disabling inheritance, have you propagate those permissions to child objects from folder advance permissions?
If here you get errors, 1st you should take folder ownership and grant administrators full control and then try again
After you disabling inheritance, have you propagate those permissions to child objects from folder advance permissions?
If here you get errors, 1st you should take folder ownership and grant administrators full control and then try again
I suggest you use a command line utility called icacls http://ss64.com/nt/icacls.html. You can run it as one command or as separate commands. Interested in this approach? If so I can write the required commands for you.
U may try Subinacl utility to enforce specific user permissions to specific folder and sub folders
Subinacl /noverbose /Subdirectories "D:\1st folder\2nd folder\userdata\*" /grant=domain\user=c
OR
Subinacl /noverbose /Subdirectories "D:\1st folder\2nd folder\userdata\*" /grant=domain\user=WD
Replace domain\user with yours
The above command will grant specific user modify (C) OR Write and Delete (WD) permissions on all sub folders and files under Userdata
If you don't have permissions to do so, you might need 1st take ownership of entire folder, check below article for more info on folder ownership \ permissions problem and Subinacl download link as well.
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_17526-NTFS-File-System-Folder-ownership-problems-and-resolution.html
For Subinacl utility help
http://www.robvanderwoude.com/subinacl.php
Subinacl /noverbose /Subdirectories "D:\1st folder\2nd folder\userdata\*" /grant=domain\user=c
OR
Subinacl /noverbose /Subdirectories "D:\1st folder\2nd folder\userdata\*" /grant=domain\user=WD
Replace domain\user with yours
The above command will grant specific user modify (C) OR Write and Delete (WD) permissions on all sub folders and files under Userdata
If you don't have permissions to do so, you might need 1st take ownership of entire folder, check below article for more info on folder ownership \ permissions problem and Subinacl download link as well.
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_17526-NTFS-File-System-Folder-ownership-problems-and-resolution.html
For Subinacl utility help
http://www.robvanderwoude.com/subinacl.php
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.