creative555
 asked on

Access denied when trying to get NTFS permissions with the script. Could you please recommend the resolution? Thank you

Hello,
I am running the script to collect the NTFS permissions. I am also planning to run another script to grant new NTFS permissions. I get Access Denied to many folders, especially users. I also tried manually accessing the folder with the account I am running the script with and I get the same error.

What is the most efficient way to set up access to everything for one account so that I can inventory all NTFS permissions and then set new target permissions on the shares?
Windows Server 2003, Active Directory, PowerShell


8/22/2022 - Mon
McKnife

See, to read permissions is a privilege in itself. Simply use an account that has this privilege to execute your script. If you would like to use another account, you would need to modify permissions first.
creative555

ASKER
Hi,
Thank you so much, so if I get another account with READ permissions would that be enough to inventory all NTFS directories and then add new NTFS permissions for all directories? Don't I need more than read permissions to ADD new NTFS permissions to the folders?
McKnife

The permission "read" includes the sub-permission called "read permissions", so yes, read is ok for listing permissions. To change permissions, you need full access.
creative555

ASKER
Hi,
Thank you so much. Using another account is not an option since there are too many users and accounts that have explicit rights. Also, I have heard that taking ownership actually would break the home drive access and then we would have to run a script to add domain admins and the user account for the home drive back to each folder. I certainly would not want to break access for all home drives...

What would be a good approach for giving full access to folders to one account that needs to add target groups permissions to all shares?

Please help
McKnife

By default, the group administrators has all access needed to change or list permissions. Did you modify that?
creative555

ASKER
I didn't but possibly someone previously did.....
ASKER CERTIFIED SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
creative555

ASKER
Thank you very much!
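
An inventory pass that records the folders returning Access Denied instead of stopping on them, as an added example that is not part of the original thread; it only reads ACLs and changes nothing. The root path, the output file names and the use of PowerShell 3.0 or later (for `-Directory` and `Get-Acl -LiteralPath`) are assumptions.

```powershell
# Added example: read-only NTFS ACL inventory that logs Access Denied paths.
# $Root, $AclCsv and $DeniedCsv are hypothetical defaults; adjust them.
param(
    [string]$Root      = 'D:\Shares',
    [string]$AclCsv    = '.\ntfs-acl-inventory.csv',
    [string]$DeniedCsv = '.\ntfs-access-denied.csv'
)

$rows   = New-Object System.Collections.ArrayList   # one row per ACE
$denied = New-Object System.Collections.ArrayList   # paths we could not read

# Enumerate the root and every subfolder. Folders that cannot be listed
# raise non-terminating errors, which are collected in $enumErrors.
$enumErrors = @()
$folders = @(Get-Item -LiteralPath $Root -Force) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force `
                 -ErrorAction SilentlyContinue -ErrorVariable enumErrors)

foreach ($e in $enumErrors) {
    [void]$denied.Add([pscustomobject]@{
        Path = $e.TargetObject; Stage = 'List folder'; Error = $e.Exception.Message })
}

foreach ($folder in $folders) {
    try {
        # Needs the "read permissions" right on the folder.
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        foreach ($ace in $acl.Access) {
            [void]$rows.Add([pscustomobject]@{
                Path      = $folder.FullName
                Owner     = $acl.Owner
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            })
        }
    } catch {
        # The folder was listed by its parent, but its ACL could not be read.
        [void]$denied.Add([pscustomobject]@{
            Path = $folder.FullName; Stage = 'Read permissions'; Error = $_.Exception.Message })
    }
}

$rows   | Export-Csv -Path $AclCsv    -NoTypeInformation
$denied | Export-Csv -Path $DeniedCsv -NoTypeInformation
'{0} ACEs from {1} folders; {2} paths denied' -f $rows.Count, $folders.Count, $denied.Count
```

The denied list shows which folders the account cannot read, and the `Owner` and `Inherited` columns in the inventory show where explicit rights and inheritance currently stand before any permissions are changed.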