Posted by Roger Abell [MVP] on January 14, 2006, 1:01 am
This cannot be done, at least not with the UI or normal utilities.
If an account has no permissions (specifically does not have
the permission to alter permissions) and also is not owner, then
that account cannot change the permissions.
What you would have to do is to take ownership, but not reset
permissions when doing so. Then you can, as owner, alter the
permissions. Following this you could then change the ownership
back to what it originally was.
Regrettably, if ownership is not uniform or simply predictable over
sizable segments, then preparing for and doing the last step of
this could be a sizable effort.
The other alternative is to use the APIs or snoop out whether
someone has already. Specifically I would look into using the
file restore API using an account with the user right to restore
files.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
> I have several directories/subdirectories with many files in each on a
> server that currently have ntfs permissions granted only to the owner
> (local/domain administrators have no permissions). I want to add the
> local administrators group to those, granting full permissions to that
> group, without stripping the current permissions or changing the
> ownership. How can I do this?
>
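
The take-ownership, add-permission, restore-owner sequence described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes an elevated session, a hypothetical function name and path, and the question's premise that the only trustee already in each ACL is the original owner, which is how the owner is recovered after ownership has been taken.

```powershell
# Added example; run elevated. Function name and path are hypothetical.
$AdminSid = 'S-1-5-32-544'            # well-known SID: BUILTIN\Administrators
$Ignore   = $AdminSid, 'S-1-3-0'      # S-1-3-0 = CREATOR OWNER placeholder

function Add-AdminsKeepOwner {
    param([Parameter(Mandatory)][string]$Path)

    $isDir = Test-Path -LiteralPath $Path -PathType Container
    $grant = if ($isDir) { "*${AdminSid}:(OI)(CI)F" } else { "*${AdminSid}:F" }

    # Try the plain grant first: it succeeds wherever we already hold WRITE_DAC
    # (for example through an ACE inherited from a parent fixed earlier).
    icacls.exe $Path /grant $grant 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # 1. Take ownership for the Administrators group. Without /R only this
        #    item's owner field changes; its DACL is left as it was.
        takeown.exe /F $Path /A | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "takeown failed: $Path"; return }

        # 2. The owner can read the DACL. Assumption (from the question): the
        #    only trustee in it is the original owner.
        $sidType  = [System.Security.Principal.SecurityIdentifier]
        $trustees = @((Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
            ForEach-Object { $_.IdentityReference.Value } |
            Where-Object { $Ignore -notcontains $_ } | Sort-Object -Unique)

        # 3. /grant without :r adds an ACE and keeps the existing ones.
        icacls.exe $Path /grant $grant | Out-Null

        # 4. Restore the owner only when it is unambiguous.
        if ($trustees.Count -eq 1) {
            icacls.exe $Path /setowner "*$($trustees[0])" | Out-Null
        } else {
            Write-Warning "Owner left as Administrators (ambiguous): $Path"
        }
    }

    # 5. Top-down walk: a directory becomes listable only after the grant.
    if ($isDir) {
        Get-ChildItem -LiteralPath $Path -Force |
            ForEach-Object { Add-AdminsKeepOwner -Path $_.FullName }
    }
}

Add-AdminsKeepOwner -Path 'D:\Shares\Example'   # hypothetical path
```

Items reported with a warning keep Administrators as owner and need the owner set by hand, which is the effort the reply cautions about when ownership is not predictable.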