Re: File and Folder Permissions

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 04/13/05 

Date: Wed, 13 Apr 2005 08:21:05 -0700

New file and folders that are defined by user accounts always
have permissions determined by where they are. If you want
UserX to have Full control over all new files and folders then
you need to have an inheritable grant of Full control to UserX
set in place on every existing inheritance point. Since there
are very many files in Windows\System32 that have their NTFS
permissions set explicitly, and also quite a number of folders
that define new inheritance points in the boot partition, you
would need to locate and adjust each of these.

When doing this you should not use UserX but instead a group.

After you have done that, then you will need to practice vigilance
over new folders defined other than by direct action of a user
account, such as a new profile directory. Since these are handled
specially their initial permissions are not governed by the NTFS
inheritable permissions of their parent, and so will often need
adjustment in order to meet your requirement.

Other than perhaps the System account, there is no account that
has a grant to all content of the NTFS filesystems when W2k3 is
in its default installation state. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"TJ" <TJ@discussions.microsoft.com> wrote in message
news:3315B52B-51DA-4930-B712-09AFBE5815BF@microsoft.com...
> I want to have a certain account that has full control of every file and
> folder on my server.  I am running 2003 standard.  I know currently on my
NT
> server every time I create a new folder a certain user account is
> automatically added to the permissions with full control.  I would like to
> know how this was set up and how to do it on server 2003.  Thanks in
advance.

Relevant Pages

  • Consider Windows XP File Security and Group Policies
    ... If you are running Windows XP and are using the NTFS file system, ... Account from being able to purge its history footprint files. ... Changing Folder permissions to Read-Execute instead of Full ... you globally apply Full Control for the Administrators group and the SYSTEM ...
    (microsoft.public.windowsxp.general)
  • Re: Server Unavailable - ASP.NET 2.0 on Windows XP
    ... The -ga command isn't a part of that beta version. ... permissions to the global assembly cache. ... Please review the steps in it, for creating a service account for an ASP.NET 2.0 application, ... I've also tried the aspnet_regiis thing as well as setting permissions on folders as described ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Homefolder path on multiple users with already existing home folders...
    ... "Somebody" messed up our security settings on the homefolders, ... folders anymore... ... So I tried to take one user, wihout his own permissions, went in to ... for account names and granting that account and administrators access. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Strange Public Folder permission assignments
    ... Only mail-enabled public folders have a presence in the AD ... If you used Outlook to set the permissions the folders will have the ... But they must have an account in the AD for you to set the ... Our Exchange box is in the top level domain, ...
    (microsoft.public.exchange.admin)
  • Re: Creating Multiple FTP Users and Containers (2000 Server + IIS)
    ... >complete Windows Scripting novice so I’m hoping that I can get some help on ... >What I am even more unsure of is scripting the creation of Virtual Folders ... The permissions will need to be set to ... >account will need to be given ‘modify’ permissions (everything except ‘full ...
    (microsoft.public.windows.server.scripting)