Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do you remove all folder and file permissions?

Posted on 2016-10-27
11
Medium Priority
?
112 Views
Last Modified: 2016-11-01
My assistant made a lot of permissions changes and now there are certain files that he is the only one listed in the security setting.   I want to remove the permissions from every folder, every file and then apply new ones.  How?
0
Comment
Question by:J.R. Sitman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 7

Expert Comment

by:jorge diaz
ID: 41863314
log in to the server as admin, find the folders you want to modify permissions to, right click\properties\security add-remove users. make sure you leave the domain admin group or whichever group you are a member with full access, that takes care of the ntfs permissions. similar process but select Select advanced sharing instead of Security to take care of the share permissions.
0
 

Author Comment

by:J.R. Sitman
ID: 41863317
just tried your suggestion.  See attached

security.png
0
 
LVL 7

Assisted Solution

by:jorge diaz
jorge diaz earned 1000 total points
ID: 41863322
i guess the other person has ownership of the file. when you go to security, select Advanced,  you'll see the owner listed on top, change it to your account or a group you're a member of, select the option to replace on sub-containers or subfolders, click on, and try again.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 8

Assisted Solution

by:Senior IT System Engineer
Senior IT System Engineer earned 1000 total points
ID: 41863338
Yes, you will need to take onwership ofthe directory objects & items below using the DOMAIN\Administrator or local server administrators group member, after that do the permission removal once again.
0
 

Author Comment

by:J.R. Sitman
ID: 41863351
I replaced the owner with my user name that didn't work.  Then with Administrator, that didn't work.  My assistant is still showing as the only person in the security settings.  Wouldn't moving the folder to another server, remove all the permissions?

security2.png
0
 
LVL 8

Assisted Solution

by:Senior IT System Engineer
Senior IT System Engineer earned 1000 total points
ID: 41863375
jrsitman,

No, NTFS will still retain its permission eventhough you attached the drive to another server.
0
 
LVL 8

Accepted Solution

by:
Senior IT System Engineer earned 1000 total points
ID: 41863380
One thing that you can try to do is to copy it across to different server and then remove the file permission as it is copying which can be done using

Robocopy:

robocopy \\SOURCE\Share  \\TARGET\Share /COPY:DAT /E /V /log:robocopyjob.txt /R:1 /W:1 /ZB

Open in new window


Or this GUI tool: https://blogs.technet.microsoft.com/keithcombs/2009/03/22/richcopy-bulk-file-copy-tool-released-get-it-here/
0
 

Author Comment

by:J.R. Sitman
ID: 41863996
Rich Copy seems to be working.  I'm still testing.   Is there a way to search a folder to find out what permissions are assigned to files.  In other words can I look for all files that have my assistants security assigned to them?
0
 

Author Comment

by:J.R. Sitman
ID: 41864254
did you see my question?

Is there a way to search a folder to find out what permissions are assigned to files.  In other words can I look for all files that have my assistants security assigned to them?
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41864621
powershell
$output = @()
$searchuser = "NT AUTHORITY\SYSTEM"
$path = 'c:\temp'
$files = get-childitem $path -recurse
 foreach ($file in $files){
    
    $nacls =   get-acl $file.fullname
    if ($nacls.owner -eq $searchuser)
        {
        $object = New-Object -TypeName PSObject
        #$object | Add-Member -MemberType NoteProperty -Name Owner -Value $nacls.Owner
        $object | Add-Member -MemberType NoteProperty -Name Path -Value $nacls.Path
        $output += $object
        }
}
Write-Output ("Path Searched: {0}   Search User: {1}" -f $path, $searchuser)
$output | Split-Path -Leaf

Open in new window

1
 

Author Closing Comment

by:J.R. Sitman
ID: 41868832
Rich Copy was the best option.   Thanks
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question