Re: File permissions

From: DaveMo <david.mowers@xxxxxxxxx>
Date: Thu, 21 Feb 2008 12:57:27 -0800 (PST)

On Feb 21, 3:36 am, "LSR" <nos...@xxxxxxxxxx> wrote:

LSR wrote:

Zeno wrote:

We've already done that, but when they create new subfolders they
have the permission to modify the ACLs

Hmm. Could you set "deny" for Full Control for creator/owner, and
make sure it's inherited?

Nope - just tried it and it doesn't work.
I now realise that the creator-owner always has full control so can reset
permissions as they please. Maybe you could run a batch job every few
minutes to take ownership and set attributes of all files in this folder.

--
LSR

Why wouldn't it work just to take ownership of all user-created
folders since that is what is causing the root problem. Once the users
no longer own the folders, they shouldn't be able to subvert the
desired policy. Right? So once a day, run a script as admin that takes
ownership of each folder/file, strip the block inheritance setting if
set, and then let the inheritable permissions trickle in.

HTH,
Dave
.

References:
- File permissions
  - From: Zeno
- Re: File permissions
  - From: LSR
- Re: File permissions
  - From: Zeno
- Re: File permissions
  - From: LSR
- Re: File permissions
  - From: LSR

Prev by Date: AD Sites and Services subnets
Next by Date: sites and services question
Previous by thread: Re: File permissions
Next by thread: how to ad a workstation to a domain via registry?
Index(es):
- Date
- Thread

Relevant Pages

RE: Force Permission / Ownership Changes
... You tried to take ownership of the folders but the access was ... by anyone with the permission to grant permissions, ... Does the issue happen to all the folders you move from the old SBS? ...
(microsoft.public.windows.server.sbs)
Re: Administrator/Limited User security issues
... > folders for testing the security. ... > permissions but the admin. ... > ownership of the folder. ...
(microsoft.public.windowsxp.security_admin)
Re: XP Folder Ownership Problems, Permissions, Inheritances
... I can change the ownership of all my root folders to "Administrators". ... " Permissions", "Inheritances", Users can have certain levels of security ...
(microsoft.public.windowsxp.security_admin)
Re: SBS03 Repair redirected My Documents permissions
... Your actual access permissions are very likely fine. ... What usually happens to cause this is that sometimes a new SBS admin sets up a box and then later wants to change whether Administrators also get access to files The only way to make that change for *existing* users is to take ownership of the files/folders and then add or remove the appropriate group. ... So what you end up having is some folders owned by administrator when they had to make the change, and then some folders owned by the user because the user was created *after* the admin took ownership and fixed his GPO. ... Administrator as the creator/owner, some have the user as the creator/owner. ...
(microsoft.public.windows.server.sbs)
Re: Authenticated users permissions
... After that some files / folders did not have the permissions. ... Authenticated Users permission and select it to be Read Only (not denying ... > will turn them into the initial explicit permissions on the new inheritance ...
(microsoft.public.security)