Automatically force propagation of NTFS permissions...?

From: drlandau@xxxxxxxxx
Date: 23 Nov 2006 23:55:17 -0800

When setting NTFS permissions of a folder in Windows 2000/Windows
Server 2003 you can choose to propagate the security ACLs to all child
objects ("Security tab" - "Advanced..." - "Permissions" tab" "Reset
permissions on all child objects...") - in essence reset all security
ACLs below a certain point in a directory structure. Works great except
it could be very nice to be able to ADD or REMOVE individual ACLs below
a certain point - wishful thinking I guess...

When COPYING files or folders to a folder within the directory
structure, the files/folders will inherit the security ACLs from the
parent folder. Great, no sweat.

BUT! When MOVING files or folders (essentially cut'n'paste using Ctrl+X
Ctrl+V) the security ACLs of the objects are retained leaving you with
a set of files/folders with one set of permission in a directory
stucture with a completely different set of permissions. It works like
designed, but consider the following scenario:

We have 2 users - User1 and User2.
User1 have full access to the directories Folder1 and Folder2
User2 only have full access to the directory Folder1
If User1 moves contents from Folder2 to Folder1, then there's suddenly
files/folders within Folder1 that User2 doesn't have access to, because
they have retained the security ACLs they had in Folder2 - even though
on the top-level of Folder1 User2 should have full access to all files
and folders below Folder1.

See the problem?

I really miss an option on the folder that will ensure that no matter
if you copy or move files to a certain directory structure, the
permissions will ALWAYS be reset to match that of the destination
directory.

Is there a hidden feature somewhere that I haven't found yet...? Or
cannot this be done...? :-/

(a scheduled reset of permissions using a script is not an valid
option)

Any thoughts???

Thanks!
/Nicolaj Rasmussen

.

Follow-Ups:
- Re: Automatically force propagation of NTFS permissions...?
  - From: Roger Abell [MVP]

Prev by Date: RE: Import certificate to "All users"
Next by Date: Re: certreq with name-format "Lastname, Firstname"
Previous by thread: Scheduled Tasks - Strange Permissions Issue
Next by thread: Re: Automatically force propagation of NTFS permissions...?
Index(es):
- Date
- Thread

Relevant Pages

Re: NTFS Permissions
... Disclaimer: This posting is provided "AS IS" with no warranties, ... Added Read only to Folder1 for Everyone under Security tab. ... NTFS permissions | Work | give the "Modify" permission to a group ...
(microsoft.public.windows.server.general)
Re: NTFS Permissions
... This posting is provided "AS IS" with no warranties, and confers no rights. ... Added Read only to Folder1 for Everyone under Security tab. ... NTFS permissions | Work | give the "Modify" permission to a group ...
(microsoft.public.windows.server.general)
Re: NTFS Permissions
... This posting is provided "AS IS" with no warranties, and confers no rights. ... Added Read only to Folder1 for Everyone under Security tab. ... NTFS permissions | Work | give the "Modify" permission to a group ...
(microsoft.public.windows.server.general)
Re: NTFS Permissions
... If not the new security access token is not active for the user account. ... Added Read only to Folder1 for Everyone under Security tab. ... I want all my clients connecting to this folder to be able to ... NTFS permissions | Work | give the "Modify" permission to a group ...
(microsoft.public.windows.server.general)
Re: NTFS Permissions
... aren't you a member of another group which has Modify permissions on Folder1? ... Added Read only to Folder1 for Everyone under Security tab. ... Added Modify to Folder2 for Everyone under Secuirty tab. ...
(microsoft.public.windows.server.general)