Users removing Administrator from files/folders permissions
Posted
by
user64204
on Server Fault
See other posts from Server Fault
or by user64204
Published on 2011-11-15T08:04:19Z
Indexed on
2011/11/15
9:55 UTC
Read the original article
Hit count: 281
windows-server-2008
|windows-server-2003
|active-directory
|permissions
|administrator
We're running Windows Server 2003 R2
with Active Directory
and are having an issue with network shares whereby users, in an attempt to secure their documents, remove everybody (including the Administrator
account) from their files/folders permissions. Since the Administrator
no longer has read
permission to them, we can't even backup files manually as we get permission errors.
One solution that we've found is to change the owner
of the files and directories to the Administrator
account. We can then change the permissions as we wish. The problem is that this has to be done manually so can't really be applied to an entire share.
Another solution that we've tried is to use cacls
as follows:
cacls d:\path\to\share /C /T /E /G Administrator:F
The problem with this is that we're still getting an ACCESS DENIED
error on files/folders on which Administrator
was removed.
Q1: Is there a way to restore at least read
access to all files/folders to the Administrator
account in a recursive fashion?
That would be for the short term. For the long term we're looking for a solution to prevent users from removing Administrator
from files/folders permissions. Since we're going to migrate to Windows Server 2008 R2
soon we could wait until we've migrated to implement such solution if need be.
Q2: Is there a way to prevent users from removing Administrator from files/folders permissions on Windows Server 2003/2008?
© Server Fault or respective owner