Provide full access to 1 user to Everyone's HOME drive
Home drive gets created on the share when they login first time.
Path for home drive
\\servername\share$\usersh
So when user "John" logs in the home drive folder would be
\\servername\share$\usersh
"John" folder gets created with no inheritance from parent permission. It gives just John and administrators permission to the folder.
I want to give user "Sam"(who is not in administrative group ) full permission to all folders under usershare folders(Which would be home folder to all other users).
I don't want to do it manually because it will take just too long to go through each folders.
Is there a quick way to doing it? Through Any Group policy?
Path for home drive
\\servername\share$\usersh
So when user "John" logs in the home drive folder would be
\\servername\share$\usersh
"John" folder gets created with no inheritance from parent permission. It gives just John and administrators permission to the folder.
I want to give user "Sam"(who is not in administrative group ) full permission to all folders under usershare folders(Which would be home folder to all other users).
I don't want to do it manually because it will take just too long to go through each folders.
Is there a quick way to doing it? Through Any Group policy?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
What are the conditions of the connection by Sam? Both John and Sam are on the same LAN, on different computers, at the same time?
While this is technically possible, I think you should create a top level share on the root of the server and give all required users the necessary permissions and security, then have your users store files and folders that are to be shared in that share.
While this is technically possible, I think you should create a top level share on the root of the server and give all required users the necessary permissions and security, then have your users store files and folders that are to be shared in that share.
A quick script is the easiest way to do this. You can use any number of tools, like cacls.exe, icacls.exe, subinacl.exe, powershell, etc.
For me, the easiest is just a quick command line with cacls.exe.
So, lets say your directory structure looks like this:
Then with your administrator account (since it looks like you have already set the policy to add administrators to the home directory), you would just use this:
I tend to avoid giving users Full Control of this type of situation,, generally the Modify/Change permission (the c in the command above - /g john:c). This of course will let them add/delete/modify all the files. It just does not give them the ability to take ownership or change permissions on existing files.
An icacls example:
Coralon
For me, the easiest is just a quick command line with cacls.exe.
So, lets say your directory structure looks like this:
\\server\share\user1
\\server\share\user2
\\server\share\user3
Then with your administrator account (since it looks like you have already set the policy to add administrators to the home directory), you would just use this:
pushd \\server\share
for /d %f in (*) do cacls "%f" /e /t /g john:c
I tend to avoid giving users Full Control of this type of situation,, generally the Modify/Change permission (the c in the command above - /g john:c). This of course will let them add/delete/modify all the files. It just does not give them the ability to take ownership or change permissions on existing files.
An icacls example:
pushd \\server\share
for /d %f in (*) do icacls "%f" /grant john:m /t /c
Coralon
Create a group for admins add to the root.
Add Creator Owner to the root.
Give the admins the required permissions and same for Creator Owner. Allow these permissions to propagate down the tree.
Moving forward when a user logs in for the first time the folder will be created. They are the creator owner so permissions will all be right. In addition any new admins can be added to the admins group.
As for the existing folders you will need to change the OWNER of each folder to point to the user. This can be done with a script using icacls.exe
Add Creator Owner to the root.
Give the admins the required permissions and same for Creator Owner. Allow these permissions to propagate down the tree.
Moving forward when a user logs in for the first time the folder will be created. They are the creator owner so permissions will all be right. In addition any new admins can be added to the admins group.
As for the existing folders you will need to change the OWNER of each folder to point to the user. This can be done with a script using icacls.exe
Premium Content
You need an Expert Office subscription to comment.Start Free Trial