Access denied when trying to get NTFS permissions with the script. Could you please recommend the resolution. THank you

Hello,
I am running the script to collect the NTFS permissions. I am also planning to run another script to grant new NTFS permissions. I get Access Denied to many folders especially users. I also tried manually accessing the folder with the account I am running the script and I get the same error.

WHat is the most efficient way to setup access to everything for one account so that I can inventory all NTFS permissions and then set new target permissions on the shares.
creative555Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
See, to read permissions is a privilege for itself. Simply use an account that has this privilege to execute your script. If you would like to use another account, you would need to modify permissions, first.
0
creative555Author Commented:
Hi,
Thank you so much, so If I get another account with READ permissions would that be enough to inventory  all NTFS directories and then add new NTFS permissions for all directories? Dont I need more than read permissions to ADD new NTFS permissions to the folders?
0
McKnifeCommented:
The permission "read" includes the sub-permission called "read permissions", so yes, read is ok for listing permissions. To change permissions, you need full access.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

creative555Author Commented:
Hi,
Thank you so much. Using another account is not an option since there are too many users and accounts that have explicit rights. Also, I have heard that taking ownership actually would break the home drive access and then we would have to run a script to add domain admins and the user account for the home drive back to each folder. I would certainly would not want to break access for all home drives...

What would be a good approach for giving full access to folders to one account that needs to add target groups permissions to all shares?

Please help
0
McKnifeCommented:
By default, the group administrators has all access needed to change or list permissions. Did you modify that?
0
creative555Author Commented:
I didn't but possibly someone previously did.....
0
McKnifeCommented:
So admins don't have any access? Then you need to read out the ownership, change it to administrators, change permissions and, if you need, change the ownership back.
dir /q c:\test
lists the owner of test.
takeown.exe can be used to change the owner
icacls.exe can change permissions.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
creative555Author Commented:
Thank you very much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.