Give users access to read non-inherited folder permissions
Submitted by itefix on Fri, 23/06/2017 - 10:53
If you have a Windows folder structure with many folders that have non-inherited permissions, it may be necessary to give a group of users access to read the permissions only, to meet requirements from help desk or staff monitoring compliance. Assuming that you have administrator access to the Windows computer, the PowerShell-based recipe below may help you:
Pre-work:
- Download the PowerShell module NTFSSecurity
- Install the files in %USERPROFILE%\Documents\WindowsPowershell\Modules\NTFSSecurity
- Unblock each file in the directory above (Right click --> Properties)
- Create a domain group for the users who will have the permissions (GRP-ReadPermissions in our example)
Procedure:
- Start PowerShell as administrator
- Assign your user the privileges needed to perform operations on all files, even those your user doesn't have access to (backup+restore+security)
Enable-Privileges
- Consider logging the state before the operation:
Get-ChildItem -Path root-folder -Dir -Recurse | Get-NTFSAccess -ExcludeInherited > log-file-before.txt
- Give the group GRP-ReadPermissions ListDirectory and ReadPermission access to all directories with no inheritance:
Get-ChildItem -Path root-folder -Dir -Recurse | Get-NTFSAccess -ExcludeInherited | Add-NTFSAccess -Account GRP-ReadPermissions -AccessRights ListDirectory,ReadPermissions
- Consider logging the state after the operation:
Get-ChildItem -Path root-folder -Dir -Recurse | Get-NTFSAccess -ExcludeInherited > log-file-after.txt
- Revoke the privileges from your account
Disable-Privileges
If you prefer, you can gather the commands above in a script for scheduling.
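The steps above gathered into one script suitable for scheduling, as an added example that is not code from the original page. `$Root` and `$LogDir` are placeholder values, and the script assumes the `FullName` property on the objects returned by Get-NTFSAccess, which is what the recipe's own pipeline into Add-NTFSAccess binds on.

```powershell
# Added example: the recipe's steps in one script.
# $Root and $LogDir are placeholders; adjust them for your environment.
param(
    [string]$Root   = 'D:\Shares',                # placeholder for root-folder
    [string]$Group  = 'GRP-ReadPermissions',      # group from the recipe
    [string]$LogDir = 'C:\Logs\ReadPermissions'   # placeholder log location
)

Import-Module NTFSSecurity -ErrorAction Stop
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Explicit (non-inherited) ACEs on every directory under $Root,
# the same query the recipe uses for its before/after logs.
function Get-ExplicitAccess {
    Get-ChildItem -Path $Root -Directory -Recurse |
        Get-NTFSAccess -ExcludeInherited
}

Enable-Privileges    # backup + restore + security, as in the recipe
try {
    $before = Get-ExplicitAccess
    $before | Out-File (Join-Path $LogDir "before-$stamp.txt")

    # Get-NTFSAccess emits one object per ACE, so reduce the result to one
    # entry per folder before adding the new ACE (FullName is assumed here).
    $folders = $before | Select-Object -ExpandProperty FullName -Unique

    foreach ($folder in $folders) {
        Add-NTFSAccess -Path $folder -Account $Group `
            -AccessRights ListDirectory,ReadPermissions
    }

    Get-ExplicitAccess | Out-File (Join-Path $LogDir "after-$stamp.txt")
}
finally {
    # Drop the elevated privileges even if a step above fails.
    Disable-Privileges
}
```

Comparing the before and after log files shows exactly which folders received the new entry for the group.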