General discussion

Locked

NTFS security - child objects

By jbeale ·
We have installed a new backup system here, and it requires that the local administrator group on each client to have access to every file and directory on the system to be able to access it to back it up. Over time, our directories have been set to only allow domain admins, etc., and the local administrators group has been removed for whatever reasons. Well, the backup software is not backing up the folders and files that don't have adminitrators or the everyone group assigned. There are thousands of folders, so to go to each and every one to add the admin group would be almost impossible. I'd like to just add it to the root folder, and replicate the setting to child objects, but the only way I know to do that is to REPLACE the permissions on the child folders, which is not an option in this case (Subfolders include user directories, department folders, etc.) I am wondering if anybody knows of a tool that can be used to add a permission and propogate it throughout a folder structure, but not replace the permissions on the child folders; just add to them. Ideas?

Thanks,
-J

P.S. You would think that the backup software could have just used the backup operators group, but no, it has to be local admins... frustrating.

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Legion_96 In reply to NTFS security - child obj ...

I see that no one has replied so I'll take a stab.

We've had a similar situation accure with Ultr-Bac Software. Where the administrator need full access rights to the folder, sub-directories and files to be backed-up.
I think the Windows 2000 resource kit has the tool you need.
Cacls.exe or Xcacls.exe can be used to replace users rights on files.
Something along with syntax like :
cacls *.* /e /G administrator:f
This would add the Local Admistrator to all files in the dir and give full control.
cacls *.* /e /P USERNAMEHERE:f
Would edit the ACL(permisions)adding full control for the USERNAME to *.* (all) files in the directory where you run this command.

Check out microsofts web site. Search For Cacls.exe

Best Wishes

Back to Security Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums