Provide full access to 1 user to Everyone's HOME drive

itadminhelp
itadminhelp used Ask the Experts™
on
Home drive gets created on the share when they login first time.

Path for home drive
\\servername\share$\usershare\%username%

So when user "John" logs in the home drive folder would be
\\servername\share$\usershare\John

"John" folder gets created with no inheritance from parent permission. It gives just John and administrators permission to the folder.
I want to give user "Sam"(who is not in  administrative group ) full permission to all folders under usershare folders(Which would be home folder to all other users).

I don't want to do it manually because it will take just too long to go through each folders.

Is  there a quick way to doing it? Through Any Group policy?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
What are the conditions of the connection by Sam?  Both John and Sam are on the same LAN, on different computers, at the same time?

While this is technically possible, I think you should create a top level share on the root of the server and give all required users the necessary permissions and security, then have your users store files and folders that are to be shared in that share.
Senior Citrix Engineer
Commented:
A quick script is the easiest way to do this.  You can use any number of tools, like cacls.exe, icacls.exe, subinacl.exe, powershell, etc.

For me, the easiest is just a quick command line with cacls.exe.

So, lets say your directory structure looks like this:
\\server\share\user1
\\server\share\user2
\\server\share\user3

Open in new window


Then with your administrator account (since it looks like you have already set the policy to add administrators to the home directory), you would just use this:
pushd \\server\share
for /d %f in (*) do cacls "%f" /e /t /g john:c

Open in new window


I tend to avoid giving users Full Control of this type of situation,, generally the Modify/Change permission (the c in the command above - /g john:c). This of course will let them add/delete/modify all the files.  It just does not give them the ability to take ownership or change permissions on existing files.

An icacls example:
pushd \\server\share
for /d %f in (*) do icacls "%f" /grant john:m /t /c 

Open in new window


Coralon

Commented:
Create a group for admins add to the root.
Add Creator Owner to the root.
Give the admins the required permissions and same for Creator Owner. Allow these permissions to propagate down the tree.

Moving forward when a user logs in for the first time the folder will be created. They are the creator owner so permissions will all be right. In addition any new admins can be added to the admins group.

As for the existing folders you will need to change the OWNER of each folder to point to the user. This can be done with a script using  icacls.exe

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial