asked on
Access denied when trying to get NTFS permissions with the script. Could you please recommend the resolution. THank you
Hello,
I am running the script to collect the NTFS permissions. I am also planning to run another script to grant new NTFS permissions. I get Access Denied to many folders especially users. I also tried manually accessing the folder with the account I am running the script and I get the same error.
WHat is the most efficient way to setup access to everything for one account so that I can inventory all NTFS permissions and then set new target permissions on the shares.
I am running the script to collect the NTFS permissions. I am also planning to run another script to grant new NTFS permissions. I get Access Denied to many folders especially users. I also tried manually accessing the folder with the account I am running the script and I get the same error.
WHat is the most efficient way to setup access to everything for one account so that I can inventory all NTFS permissions and then set new target permissions on the shares.
Windows Server 2003Active DirectoryPowershell
Last Comment
creative555
See, to read permissions is a privilege for itself. Simply use an account that has this privilege to execute your script. If you would like to use another account, you would need to modify permissions, first.
ASKER
Hi,
Thank you so much, so If I get another account with READ permissions would that be enough to inventory all NTFS directories and then add new NTFS permissions for all directories? Dont I need more than read permissions to ADD new NTFS permissions to the folders?
Thank you so much, so If I get another account with READ permissions would that be enough to inventory all NTFS directories and then add new NTFS permissions for all directories? Dont I need more than read permissions to ADD new NTFS permissions to the folders?
The permission "read" includes the sub-permission called "read permissions", so yes, read is ok for listing permissions. To change permissions, you need full access.
ASKER
Hi,
Thank you so much. Using another account is not an option since there are too many users and accounts that have explicit rights. Also, I have heard that taking ownership actually would break the home drive access and then we would have to run a script to add domain admins and the user account for the home drive back to each folder. I would certainly would not want to break access for all home drives...
What would be a good approach for giving full access to folders to one account that needs to add target groups permissions to all shares?
Please help
Thank you so much. Using another account is not an option since there are too many users and accounts that have explicit rights. Also, I have heard that taking ownership actually would break the home drive access and then we would have to run a script to add domain admins and the user account for the home drive back to each folder. I would certainly would not want to break access for all home drives...
What would be a good approach for giving full access to folders to one account that needs to add target groups permissions to all shares?
Please help
By default, the group administrators has all access needed to change or list permissions. Did you modify that?
ASKER
I didn't but possibly someone previously did.....
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you very much!