TechRepublic|Forums|Security

Security

General discussion

  • Creator
    Topic
  • September 2, 2003 at 10:35 am #2307365

    NTFS security – child objects

    Locked

    by jbeale · about 20 years, 7 months ago

    We have installed a new backup system here, and it requires that the local administrator group on each client to have access to every file and directory on the system to be able to access it to back it up. Over time, our directories have been set to only allow domain admins, etc., and the local administrators group has been removed for whatever reasons. Well, the backup software is not backing up the folders and files that don’t have adminitrators or the everyone group assigned. There are thousands of folders, so to go to each and every one to add the admin group would be almost impossible. I’d like to just add it to the root folder, and replicate the setting to child objects, but the only way I know to do that is to REPLACE the permissions on the child folders, which is not an option in this case (Subfolders include user directories, department folders, etc.) I am wondering if anybody knows of a tool that can be used to add a permission and propogate it throughout a folder structure, but not replace the permissions on the child folders; just add to them. Ideas?

    Thanks,
    -J

    P.S. You would think that the backup software could have just used the backup operators group, but no, it has to be local admins… frustrating.

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • September 18, 2003 at 3:22 pm #2742547

      Reply To: NTFS security – child objects

      by legion_96 · about 20 years, 7 months ago

      In reply to NTFS security – child objects

      I see that no one has replied so I’ll take a stab.

      We’ve had a similar situation accure with Ultr-Bac Software. Where the administrator need full access rights to the folder, sub-directories and files to be backed-up.
      I think the Windows 2000 resource kit has the tool you need.
      Cacls.exe or Xcacls.exe can be used to replace users rights on files.
      Something along with syntax like :
      cacls *.* /e /G administrator:f
      This would add the Local Admistrator to all files in the dir and give full control.
      cacls *.* /e /P USERNAMEHERE:f
      Would edit the ACL(permisions)adding full control for the USERNAME to *.* (all) files in the directory where you run this command.

      Check out microsofts web site. Search For Cacls.exe

      Best Wishes

  • Author
    Replies
Viewing 0 reply threads