Access denied when trying to get NTFS permissions with the script. Could you please recommend the resolution. THank you

creative555
creative555 used Ask the Experts™
on
Hello,
I am running the script to collect the NTFS permissions. I am also planning to run another script to grant new NTFS permissions. I get Access Denied to many folders especially users. I also tried manually accessing the folder with the account I am running the script and I get the same error.

WHat is the most efficient way to setup access to everything for one account so that I can inventory all NTFS permissions and then set new target permissions on the shares.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
See, to read permissions is a privilege for itself. Simply use an account that has this privilege to execute your script. If you would like to use another account, you would need to modify permissions, first.

Author

Commented:
Hi,
Thank you so much, so If I get another account with READ permissions would that be enough to inventory  all NTFS directories and then add new NTFS permissions for all directories? Dont I need more than read permissions to ADD new NTFS permissions to the folders?
Distinguished Expert 2018

Commented:
The permission "read" includes the sub-permission called "read permissions", so yes, read is ok for listing permissions. To change permissions, you need full access.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Hi,
Thank you so much. Using another account is not an option since there are too many users and accounts that have explicit rights. Also, I have heard that taking ownership actually would break the home drive access and then we would have to run a script to add domain admins and the user account for the home drive back to each folder. I would certainly would not want to break access for all home drives...

What would be a good approach for giving full access to folders to one account that needs to add target groups permissions to all shares?

Please help
Distinguished Expert 2018

Commented:
By default, the group administrators has all access needed to change or list permissions. Did you modify that?

Author

Commented:
I didn't but possibly someone previously did.....
Distinguished Expert 2018
Commented:
So admins don't have any access? Then you need to read out the ownership, change it to administrators, change permissions and, if you need, change the ownership back.
dir /q c:\test
lists the owner of test.
takeown.exe can be used to change the owner
icacls.exe can change permissions.

Author

Commented:
Thank you very much!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial