Question

  Asked: Apr 30 2008   7:43 PM GMT
  Asked by: Buddyfarr


mass security change on folders


Windows 2000 Server, Windows Server 2003, Folder security, User permissions, Windows Security

We have a script that sets up new users. It sets where the profile directory is to go but does not create it. When the user first logs in it creates the directory and works fine. What I have found is that when it creates it the only account that has access to it is the user's account. Local or Domain Admins do not have access unless I go in and take ownership of the directory. But If I do that the user's account gets taken off of the security tab. So I re-add the account and give them full access to the folder, sub-folders and files. Then replicate it throughout the directory. When the user logs in they get an access denied to the profile directory even though I have checked the files and they have the rights. I have since changed the script to setup the folder too and set the correct rights. What I need to know is if there is a way to add domain admins full control rights to all the existing profile directories without hosing the user's rights to the folder?

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window

Answer Wiki (Improve, edit or add to this answer)


 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0



Hello Buddyfarr,
can you post here the script you are talking about so i can have a look at it?
Bye
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Microsoft Windows and Security.

Looking for relevant Microsoft Windows Whitepapers? Visit the SearchWinIT.com Research Library.


Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

Buddyfarr  |   May 1 2008  12:30PM GMT

One update. I tried cacls from the command prompt and it says ACCESS DENIED when trying to add Domain Admins to the acl list. So that option does not work.