Re: Create a domain account with full access to all files and folders?

Blast from the past ! You're welcome.
--
ra

<strsury@xxxxxxxxx> wrote in message
news:1164011133.792992.89550@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thank-you both for your timely reply! Apologies for not thanking you
sooner, we went with the
"backup-to-a-place-with-full-perms-and-index-from-there" route.

Thanks again!


Roger Abell [MVP] wrote:
You would likely be wary about doing massive changes
to the existing permissions of stored content. There is no
magic account, as the NTFS permissions are always obeyed,
except when access is done via the backup/restore APIs.
If the current permissions do not reliably provide a grant of
permissions to such as Administrators, then there is no group
you could use to allow an account to "become magic".
If your content is not too huge, you could try use of NTbackup
to copy content to an area where, when restored, it is restored
without restoring permissions. You would have the same
structures, but differently rooted, and if these new restore
roots granted to the magic group, then this could be indexed
by an account in the group.
Otherwise, you would need alter permissions on the originals.

<strsury@xxxxxxxxx> wrote in message
news:1161702187.813721.209720@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,

We are starting a document retention project. As part of this project,
we need to index all data on all file servers. The indexing program
runs under a domain account.

How do I create the account in such a way that it has full access to
every file and folder in the domain? (I've explained the security
implications to mgmt)

I tried it as both a "domain administrator" and "backup operator" but
neither account was able to access everything. Is there another way to
go about it?

Thanks in advance for any tips.

Cheers!




.

Relevant Pages

  • Re: Incoming E-Mail - cant create contact in OU
    ... account out of local administrator to attempt to find any denied access. ... I then added full permissions to my user account on both of these keys, ... local admin rights to the server hosting incoming email. ... what permission I need to give the app pool locally to avoid this issue. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Incoming E-Mail - cant create contact in OU
    ... account out of local administrator to attempt to find any denied ... I then added full permissions to my user account on both of these keys, ... that's for every app pool you create for every new web app on the ... local admin rights to the server hosting incoming email. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Win2k - Account Operator not working properly
    ... You very likely have other ACL issues other than what was mentioned and I can point them out here for you for free or you can pay someone $200-500 an hour to come check it out. ... In order for that to result in inheritence protection it means the schema had to be modified. ... set the account in the GUI to inherit from its parents. ... Used the delegation wizard, on the top level OU, to assign the desired permissions. ...
    (microsoft.public.windows.server.active_directory)
  • Consider Windows XP File Security and Group Policies
    ... If you are running Windows XP and are using the NTFS file system, ... Account from being able to purge its history footprint files. ... Changing Folder permissions to Read-Execute instead of Full ... you globally apply Full Control for the Administrators group and the SYSTEM ...
    (microsoft.public.windowsxp.general)
  • Re: Incoming E-Mail - cant create contact in OU
    ... account out of local administrator to attempt to find any denied access. ... I then added full permissions to my user account on both of these keys, ... local admin rights to the server hosting incoming email. ... what permission I need to give the app pool locally to avoid this issue. ...
    (microsoft.public.sharepoint.windowsservices)