Re: Q.) NTFS rights - How to Append NTFS assignments
- From: Billy <UseNewz@xxxxxxxxxxx>
- Date: Tue, 2 Sep 2008 12:34:11 -0700 (PDT)
On Sep 2, 2:51 pm, "Lanwench [MVP - Exchange]"
<lanwe...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Billy <UseN...@xxxxxxxxxxx> wrote:
We have setup a folder and subfolders that include NTFS and Share
security. The Share is setup to Everyone with Full access and the NTFS
security restricts the permissions to only those authorized. We have
multiple departments all requiring varying levels of authority.
The issue I have is that when someone from a department calls me and
says they need new security access, we provide the access as requested
via NTFS from the parent folder being requested to change - however I
lose all existing subordinate folder NTFS assignments through that
process. They get totally erased and overwritten explicitly with the
changes that I make. Instead I want the chages to be *appended*
instead of overwritten.
I think what I do is go into Advanced and check the "replace all child
subordinate....." option and leave the "inherit from the parent"
option checked.
I need subordinate folders to retain existing NTFS security rights but
*append* (not overwrite) new changes when required......What am I
missing?
Frankly, I suggest that instead of using this complex system of differing
permissions on subfolders, set up different *shares* for your departments..
It is much easier to maintain, much easier to secure. Set up AD security
groups for each department and make sure that the NTFS permissions on each
shared folder are not set to inherit from parent, but include
Administrators, System and <group name> = full control. Leave the share
permissions to have full control.
You can use the same drive letter for each department, even, if you wish -
ifmember from the resource kit is one way. That way, each department has a
(for example) G drive that points to their own department's group share.
Beyond that, you could start looking into xcacls (and making sure
inheritence is not ticked), but as mentioned you'll be much better off if
one share = one set of permissions.- Hide quoted text -
- Show quoted text -
Thank you for the response but this is not really an option for me.
I should clarify - I have multiple departments required varying levels
of access to the ***same department*** folder. In other words, I have
a Finance folder with hundreds of subfolders. Differant departments
need differant levels of access to various subfolders within the root
Finance folder. I dont know what or who will need access next - it's
not something that is all decided up front. When a new team wants
access to a subfolder that was already assigned rights, the assignment
of new rights for the appended departments wipes out anything below
that was previously assigned. I want to append the additional rights,
not overwrite it.
There's got to be a way to manage this with one share that is more
efficient than the issues I experience. Do you have any further
suggestions?
.
- References:
- Q.) NTFS rights - How to Append NTFS assignments
- From: Billy
- Re: Q.) NTFS rights - How to Append NTFS assignments
- From: Lanwench [MVP - Exchange]
- Q.) NTFS rights - How to Append NTFS assignments
- Prev by Date: Re: Move Exchange 2000 to 2003
- Next by Date: Re: How to use Windows Backup?!!
- Previous by thread: Re: Q.) NTFS rights - How to Append NTFS assignments
- Next by thread: New switch issue or sbs issue?
- Index(es):
Relevant Pages
|
