Announcement

Collapse
No announcement yet.

ACLs on child folder do not match ACLs on parent folder?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ACLs on child folder do not match ACLs on parent folder?

    I have a folder on a Win2K3 server SP2 where the parent folder has the following ACLs:

    * Administrators (Server\Administrators) => Full Control
    * CREATOR OWNER = > Special Permissions
    * lShr.DFS.DEPT_DATA.Finance => Modify
    * SYSTEM => Full Control

    Most subfolders have the same ALCs as the parent however, the folders created after 2009-06-11 have the following ACLs:

    * Administrators (Server\Administrators) => Full Control
    * CREATOR OWNER = > Special Permissions
    * Leigh Surname => Special Permissions, Full Control, Apply to This Folder Only
    * lShr.DFS.DEPT_DATA.Finance => Modify
    * SYSTEM => Full Contro

    The security permissions checkbox for Leigh Surname is greyed out indicating this setting is inherited and thus trying to remove the user results in the common error message indicating that the security is inherited and cannot be removed.

    The rest of the folder created after this one have other users set the same way.

    How do I remove these security settings?

    PS. If I make a copy the folder "2009-06-11", giving it the default name "Copy of 2010-11-04", the permissions are the same as the parent folder!
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: ACLs on child folder do not match ACLs on parent folder?

    Remove inheritance and copy the permissions then delete and propogate the change then re-apply inheritance.

    Comment


    • #3
      Re: ACLs on child folder do not match ACLs on parent folder?

      Doesn't work- tried that. Once you re-apply inheritance, the security of the user comes back!

      I resorted to Xcacls:
      Code:
      xcacls "Q:\DFS-DEPT-DATA\ParentFolder\2010-07-01" /r ve\bhagaa /e /t
      which fixed the issue. Note the /e is VERY important as without it, it removes all existing security and replaces it with the one you're adding. In my case I was removing security so my test folder eventually had NO security settings. /t traverses sub folders.

      Also, had the error "you are not using cscript for the scripting engine" when I tried to run Xcacls. In my case, I ran "CScript //H:CScript //S" in a command box to fix this.

      See: http://support.microsoft.com/kb/318754

      For Xcacls details.

      BTW, I have SID in some of the subfolders which i cannot get rid of. I can't figger out how to get Xcacls to use the SID so I can get rid of it. Does anyone know if I can use Xcacls with SIDs?

      For now, I'll just copy the folders to new names, delete the original, then rename back which fixes the issue.
      |
      +-- JDMils
      |
      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
      |

      Comment

      Working...
      X