• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 834
  • Last Modified:

inheritable Permissions / "you can't remove _______ because this object is inheriting permissions from its parent..."

At our company, we have a shared folder system.  There is a 2017 Budgets folder that my former boss set up so that everything inside this folder inherited the permissions of that parent folder.  I have a folder (of about 20 total) directly inside this Budgets folder in which I need to remove one specific user from.  Obviously, when I attempt to remove the user from the child folder, I get the "you can't remove _______ because this object is inheriting permissions from its parent" message.  If I click Advanced on the permissions of the child folder, un-check the Include inheritable permissions from the object's parent and click Remove, it wants to remove everyone's permissions (which I am trying to avoid).  Is there a better way to remove this one person without wiping everyone out and re-adding the ones that should have stayed?  Also, there are child folders/files inside this child folder that I want to inherit the new permissions I have modified.
0
Keith Schroeder
Asked:
Keith Schroeder
  • 3
  • 3
1 Solution
 
ManieyaK_Citrix Systems / Network AdminCommented:
yes the best way to accomplish this is set up Security Groups
manage users / permissions using these groups instead of assigning individual user rights
0
 
Keith SchroederAuthor Commented:
for this particular situation, its a little late for that.  not sure how this helps.
0
 
it_saigeDeveloperCommented:
You fail to mention your second option when you remove inheritable permissions.  When you disable the inheritance, you can remove all of the permissions or add/copy/convert (depending on your OS) the current permissions that are inherited; e.g. -

Windows 8/8.1/10 & Server 2012 -Capture.JPGWindows Vista/7 & Server 2003/2008 -Capture.JPGWindows XP/2000 & Server 2000 -Capture.JPG
Choosing the add, copy or convert option will cause the OS to use the current inherited permissions as a template for new explicit permissions.  Once you have converted them to explicit permissions, you can remove the offending permissions.  You can also apply the explicit permissions to the child objects by selecting the appropriate option after you convert the inherited permissions into explicit permissions (this way removing the offending permissions will cause all child objects to update).

-saige-
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
Keith SchroederAuthor Commented:
Its a Server 2008 machine.  I did mention the remove option in my original post.  If I click Remove though, it takes out every user who was granted access via the inheritable permissions option in the parent folder.  I then will have to re-add everyone who should have access.  Was trying to avoid that unless it is my only option.
0
 
it_saigeDeveloperCommented:
You want to use the 'Add' option.  This will take the current permissions that are inherited and turn them into explicit permissions (any existing explicit permissions are ignored).

-saige-
0
 
Keith SchroederAuthor Commented:
Are you saying I should add everyone again through that Add option and then those will override the inheritable permissions?  That sounds simple enough.  Do  I need to remove the inherited permissioned users once that is done?  I just opened the permission entry for one of the users to add them.  there are a lot of options.  What all do I choose to give them modify/write permissions but not full control/ownership?
0
 
it_saigeDeveloperCommented:
When you chose the add option all of the permissions that you currently see will remain (they will just be explicitly set as opposed to inherited).  Once you do this, then you can select the option to apply the explicit permissions to any child objects.  Once applied, you will then remove the permissions associated with the user you are inquiring about.  This will remove the permissions from the current folder and all child objects.

-saige-
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now