Re: Q.) NTFS rights - How to Append NTFS assignments

Billy <UseNewz@xxxxxxxxxxx> wrote:
We have setup a folder and subfolders that include NTFS and Share
security. The Share is setup to Everyone with Full access and the NTFS
security restricts the permissions to only those authorized. We have
multiple departments all requiring varying levels of authority.

The issue I have is that when someone from a department calls me and
says they need new security access, we provide the access as requested
via NTFS from the parent folder being requested to change - however I
lose all existing subordinate folder NTFS assignments through that
process. They get totally erased and overwritten explicitly with the
changes that I make. Instead I want the chages to be *appended*
instead of overwritten.

I think what I do is go into Advanced and check the "replace all child
subordinate....." option and leave the "inherit from the parent"
option checked.

I need subordinate folders to retain existing NTFS security rights but
*append* (not overwrite) new changes when required......What am I
missing?

Frankly, I suggest that instead of using this complex system of differing
permissions on subfolders, set up different *shares* for your departments.
It is much easier to maintain, much easier to secure. Set up AD security
groups for each department and make sure that the NTFS permissions on each
shared folder are not set to inherit from parent, but include
Administrators, System and <group name> = full control. Leave the share
permissions to have full control.

You can use the same drive letter for each department, even, if you wish -
ifmember from the resource kit is one way. That way, each department has a
(for example) G drive that points to their own department's group share.

Beyond that, you could start looking into xcacls (and making sure
inheritence is not ticked), but as mentioned you'll be much better off if
one share = one set of permissions.



.

Relevant Pages

  • Re: Q.) NTFS rights - How to Append NTFS assignments
    ... The Share is setup to Everyone with Full access and the NTFS ... security restricts the permissions to only those authorized. ... via NTFS from the parent folder being requested to change - however I ... permissions on subfolders, set up different *shares* for your departments.. ...
    (microsoft.public.windows.server.sbs)
  • Re: Why does Everyone have Full Control of everthing?
    ... Analysis snap-in to apply the Setup Security template to my machine, ... Perhaps I should have only applied the file permissions ... using the personal account created at setup. ... >list of default NTFS permissions for Windows 2000. ...
    (microsoft.public.windowsxp.general)
  • Re: Cannot write to shared folder on W2K8 server
    ... Folder Sharing Security. ... NTFS permissions are also valid with only SYSTEM ...
    (microsoft.public.windows.server.general)
  • Re: Windows Desktop Lockdown on 2000 Server Environment
    ... permissions are locked down to prevent a user from accessing what they should not. ... XP has pretty good ntfs security. ... Check the advanced page of the security page to check advanced ... > GPO on a test OU and have made some progress. ...
    (microsoft.public.win2000.security)
  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
    (Focus-Microsoft)