everyone share acl query

if the everyone group has full control at both the share and directory level on a windows server file share, but subdirectories on the share are more restrictive. without access to rdp onto the server itself, is there anyway a member of everyone could get access to the more restricted sub directories on which they are not on the ACL through standard tools such as powershell or windows explorer
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NVITEnd-user supportCommented:
From my test... No.

To test...
- I gave a UserA security full control on c:\rootfull, no inheritance.
- At subfolder c:\rootfull\sub1, I gave UserA read-only.
- At subfolder c:\rootfull\sub2, I gave UserA no access.

That done, UserA could not change the security of sub1 or sub2 via windows explorer. I presume powershell would result in the same.

Although I have not confirmed, I believe if UserA is a domain admin or administrator, he will be able to take ownership and thus control sub1 and sub2.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
Thanks.. I did read something that if you try and map to the folder as a mapped drive and the format you use in the path may prompt if you wish to gain access - will try that tommorow. It looks like in map network drive they used drive letter not just \\server\share. Not sure if you have to be on the server to do it can do it remotely.
pma111Author Commented:
also noticed there is 'replace all child objects with inheritable permissions from this object' within the advanced area of the security tab on the root of the share. would this 'wipe out' any more restrictive sub permissions on lower levels of the structure?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.