locked
Permission for take ownership RRS feed

  • Question

  • I am trying to give permission to a stadard AD user so that she can delete exclusive home folders. By default this account has full permissions on the parent directory. However all permission gets blocked at the home folder level which is by dafualt for windows server. My domain admin account had full permission as that account and I cannot access it as well. However the only thing I can do wimy domian admin account is that I can take ownership. Can I set permissions for that stanard user so that she can take ownership as well? At the moment I am getting access denied message
    Tuesday, August 9, 2011 12:28 AM

Answers

All replies

  • Yes you can. You have to grant that user NTFS permission "Take Ownership" on each folder you want him to be able to take ownership. you can do it by icacls command line tool, or Properties | Security Tab | Advenced Permissions on each folder. More automated ways would be: either GPO or PowerShell script
    With kind regards
    Krystian Zieja
    http://www.projectenvision.com
    Follow me on twitter
    My Blog
    Need help with your systems?
    Tuesday, August 9, 2011 12:36 AM
  • Is there any single place assigning permissions or do I need to do it on all sub folders (home folders)? If this is the case do I need to run (I am familiar with icacls) this script over the time (e.g. for future new users)? I am looking for a stable solution so that any future homefolder will receive the same permission (may be this is not possible)

    Thanks

    Tuesday, August 9, 2011 2:42 AM
  • Both accounts have full control permission on partent folder but not home folders, because the permissions are not inherited to subfolders. Specifically, if Grant the user exclusive rights to My Documents check box is checked, domain admin will not have permission on these folders.

    Here is a similar thread and solution is provided, please have a look on it:

    http://social.technet.microsoft.com/Forums/en/winservergen/thread/4ce57c40-20bf-48ba-82ed-c808cb6d8e1c


    TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tnmff@microsoft.com.
    Monday, August 15, 2011 7:15 AM