Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!
Access denied when trying to get NTFS permissions with the script. Could you please recommend the resolution. THank you
Hello,
I am running the script to collect the NTFS permissions. I am also planning to run another script to grant new NTFS permissions. I get Access Denied to many folders especially users. I also tried manually accessing the folder with the account I am running the script and I get the same error.
WHat is the most efficient way to setup access to everything for one account so that I can inventory all NTFS permissions and then set new target permissions on the shares.
I am running the script to collect the NTFS permissions. I am also planning to run another script to grant new NTFS permissions. I get Access Denied to many folders especially users. I also tried manually accessing the folder with the account I am running the script and I get the same error.
WHat is the most efficient way to setup access to everything for one account so that I can inventory all NTFS permissions and then set new target permissions on the shares.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 63
See, to read permissions is a privilege for itself. Simply use an account that has this privilege to execute your script. If you would like to use another account, you would need to modify permissions, first.
Hi,
Thank you so much, so If I get another account with READ permissions would that be enough to inventory all NTFS directories and then add new NTFS permissions for all directories? Dont I need more than read permissions to ADD new NTFS permissions to the folders?
Thank you so much, so If I get another account with READ permissions would that be enough to inventory all NTFS directories and then add new NTFS permissions for all directories? Dont I need more than read permissions to ADD new NTFS permissions to the folders?
The permission "read" includes the sub-permission called "read permissions", so yes, read is ok for listing permissions. To change permissions, you need full access.
Hi,
Thank you so much. Using another account is not an option since there are too many users and accounts that have explicit rights. Also, I have heard that taking ownership actually would break the home drive access and then we would have to run a script to add domain admins and the user account for the home drive back to each folder. I would certainly would not want to break access for all home drives...
What would be a good approach for giving full access to folders to one account that needs to add target groups permissions to all shares?
Please help
Thank you so much. Using another account is not an option since there are too many users and accounts that have explicit rights. Also, I have heard that taking ownership actually would break the home drive access and then we would have to run a script to add domain admins and the user account for the home drive back to each folder. I would certainly would not want to break access for all home drives...
What would be a good approach for giving full access to folders to one account that needs to add target groups permissions to all shares?
Please help
By default, the group administrators has all access needed to change or list permissions. Did you modify that?
So admins don't have any access? Then you need to read out the ownership, change it to administrators, change permissions and, if you need, change the ownership back.
dir /q c:\test
lists the owner of test.
takeown.exe can be used to change the owner
icacls.exe can change permissions.
dir /q c:\test
lists the owner of test.
takeown.exe can be used to change the owner
icacls.exe can change permissions.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003
From novice to tech pro — start learning today.
-
Windows Server 2003Certification: MCP Microsoft Certified Partner - Installing and Configu… 288 lessons
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2013 Part … 120 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2016 Part … 212 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.