Provide full access to 1 user to Everyone's HOME drive

Home drive gets created on the share when they login first time.

Path for home drive
\\servername\share$\usershare\%username%

So when user "John" logs in the home drive folder would be
\\servername\share$\usershare\John

"John" folder gets created with no inheritance from parent permission. It gives just John and administrators permission to the folder.
I want to give user "Sam"(who is not in  administrative group ) full permission to all folders under usershare folders(Which would be home folder to all other users).

I don't want to do it manually because it will take just too long to go through each folders.

Is  there a quick way to doing it? Through Any Group policy?
itadminhelpAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Larry Struckmeyer MVPCommented:
What are the conditions of the connection by Sam?  Both John and Sam are on the same LAN, on different computers, at the same time?

While this is technically possible, I think you should create a top level share on the root of the server and give all required users the necessary permissions and security, then have your users store files and folders that are to be shared in that share.
0
CoralonCommented:
A quick script is the easiest way to do this.  You can use any number of tools, like cacls.exe, icacls.exe, subinacl.exe, powershell, etc.

For me, the easiest is just a quick command line with cacls.exe.

So, lets say your directory structure looks like this:
\\server\share\user1
\\server\share\user2
\\server\share\user3

Open in new window


Then with your administrator account (since it looks like you have already set the policy to add administrators to the home directory), you would just use this:
pushd \\server\share
for /d %f in (*) do cacls "%f" /e /t /g john:c

Open in new window


I tend to avoid giving users Full Control of this type of situation,, generally the Modify/Change permission (the c in the command above - /g john:c). This of course will let them add/delete/modify all the files.  It just does not give them the ability to take ownership or change permissions on existing files.

An icacls example:
pushd \\server\share
for /d %f in (*) do icacls "%f" /grant john:m /t /c 

Open in new window


Coralon
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brett DanneyIT ArchitectCommented:
Create a group for admins add to the root.
Add Creator Owner to the root.
Give the admins the required permissions and same for Creator Owner. Allow these permissions to propagate down the tree.

Moving forward when a user logs in for the first time the folder will be created. They are the creator owner so permissions will all be right. In addition any new admins can be added to the admins group.

As for the existing folders you will need to change the OWNER of each folder to point to the user. This can be done with a script using  icacls.exe
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.