OFF TOPIC - Windows Server 2003 Subfolder Security

John,

Thanks for the reply. I will try this also.

Todd:
Also Todd Anderson your the man thanks for the phone call.
You can search a file structure using windows explorer then search for a
folder name such as "Confidential" then cherry pick folders or select
all folders, from there right click and select "Properties" and the
"Security's" Tab. Uncheck the "inherit permissions", choice of copy or
remove permission, I choose copy because I also have administrative and
backup permission. I then add and delete groups and also check "Replace
permission entries on child objects" then apply.

Again this shows the power of this group.

Thanks to all who responded.


Patrick Winter



________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of John Sage
Sent: Friday, December 01, 2006 10:15 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder
Security



Patrick,

You'll want to use the CACLS command-line utility.

From the AccountsReceivable\Customers folder:

CACLS Confidential /T /G Group4:F

This command will traverse all subfolders, looking for a folder named
"Confidential" (/T). For each matching folder, it will replace the
current ACL and grant Full Access to Group 4 (/G).

There are other command-line options for CACLS that you'll want to
review. Type CACLS from a command prompt for a help listing.

CACLS can also be used to list ACLs.

have fun,
john

Winter, Patrick wrote:
>
>
> Scott,
>
> Ok, you understand where I'm at, that makes sense but what I was
> wondering is there a way to do this across the board without doing
each
> folder one at a time when they are created?






This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]
This is a question on Windows Server 2003 Subfolder Security.

I control file security for general network shares with groups, here is
a generic example:

Shared folder = AccountsReceivable
Group 1 = AR view only group
Group 2 = AR publisher group
Group 3 = AR Editors group
Each group used in securing this folder would then have the appropriate
security settings.
Also everything below the shard folder "AccountsReceivable" would be set
inherit permission from the parent, etc...

If within the shared folder "AccountsReceivable" we create folders for
customers.
Acme
Company2
Company3
Etc...

If I create the same subfolder under each Customer called say
"Confidential", can I somehow set this folder to a different security
group, say "Group4"
Group 4 = Accounting Controller publisher Group.

I hope I have explained this properly.

Patrick


This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]
Patrick,

For Sub-Folders that you do not want to inherit security from a Parent
Folder, uncheck the "Allow inheritable permissions from the parent to
propagate to this object and all child objects. Include these with entries
explicitly defined here.".

This is found in the Security Tab of the Shared folder by clicking the
Advanced button.

You will be given the choice to Copy or Remove the Security. Read the
descriptions and it will explain what both of those mean.

Scott Litzau, MCP
Olympus Flag & Banner
Information Systems Manager
scott.litzau@...
P: 414-365-9732
F: 414-355-1931

-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
Winter, Patrick
Sent: Friday, December 01, 2006 9:10 AM
To: vantage@yahoogroups.com
Subject: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder Security



This is a question on Windows Server 2003 Subfolder Security.

I control file security for general network shares with groups, here is
a generic example:

Shared folder = AccountsReceivable
Group 1 = AR view only group
Group 2 = AR publisher group
Group 3 = AR Editors group
Each group used in securing this folder would then have the appropriate
security settings.
Also everything below the shard folder "AccountsReceivable" would be set
inherit permission from the parent, etc...

If within the shared folder "AccountsReceivable" we create folders for
customers.
Acme
Company2
Company3
Etc...

If I create the same subfolder under each Customer called say
"Confidential", can I somehow set this folder to a different security
group, say "Group4"
Group 4 = Accounting Controller publisher Group.

I hope I have explained this properly.

Patrick


This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]



Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
Yahoo! Groups Links
Yes. You will have to disable the "Allow Inheritable Permissions from
Parent..." on the "Confidential" folder. If you use the advanced tab to
add "Group 4" you will have numerous additional options (Apply To: This
Folder only, This Folder and Files etc.). "Group 4" will also require at
least "list" privileges in the parent folders.



Jim



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Winter, Patrick
Sent: Friday, December 01, 2006 9:10 AM
To: vantage@yahoogroups.com
Subject: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder Security




This is a question on Windows Server 2003 Subfolder Security.

I control file security for general network shares with groups, here is
a generic example:

Shared folder = AccountsReceivable
Group 1 = AR view only group
Group 2 = AR publisher group
Group 3 = AR Editors group
Each group used in securing this folder would then have the appropriate
security settings.
Also everything below the shard folder "AccountsReceivable" would be set
inherit permission from the parent, etc...

If within the shared folder "AccountsReceivable" we create folders for
customers.
Acme
Company2
Company3
Etc...

If I create the same subfolder under each Customer called say
"Confidential", can I somehow set this folder to a different security
group, say "Group4"
Group 4 = Accounting Controller publisher Group.

I hope I have explained this properly.

Patrick





[Non-text portions of this message have been removed]
Yes, after creating the folder simply set it to not inherit permissions
from the parent and then assign your rights accordingly.



Cheers,



Gerard M Wadman

Sr. Network Systems Engineer



Scandius BioMedical Inc.

11A Beaver Brook Road

Littleton, MA 01460



978/486-4088 x 124

978/486-4108 (fax)



http://www.scandius.com/





________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Winter, Patrick
Sent: Friday, December 01, 2006 10:10 AM
To: vantage@yahoogroups.com
Subject: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder Security




This is a question on Windows Server 2003 Subfolder Security.

I control file security for general network shares with groups, here is
a generic example:

Shared folder = AccountsReceivable
Group 1 = AR view only group
Group 2 = AR publisher group
Group 3 = AR Editors group
Each group used in securing this folder would then have the appropriate
security settings.
Also everything below the shard folder "AccountsReceivable" would be set
inherit permission from the parent, etc...

If within the shared folder "AccountsReceivable" we create folders for
customers.
Acme
Company2
Company3
Etc...

If I create the same subfolder under each Customer called say
"Confidential", can I somehow set this folder to a different security
group, say "Group4"
Group 4 = Accounting Controller publisher Group.

I hope I have explained this properly.

Patrick

This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]
Scott,

Ok, you understand where I'm at, that makes sense but what I was
wondering is there a way to do this across the board without doing each
folder one at a time when they are created?

My magic button would be to search for subfolders called "whatever" and
apply the following security group and don't inherit the permissions.
or
Copy a folder from a different area would when dropped it would have the
appropriate security and a of course no inherited permissions.

Also a way so search and view the folders to verify and manage this.

Patrick

PS: I guess I'm trying to see how far I can go using windows server file
system's ability without purchasing a formal document storage and
archiving system.

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Scott Litzau
Sent: Friday, December 01, 2006 9:37 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder
Security



Patrick,

For Sub-Folders that you do not want to inherit security from a Parent
Folder, uncheck the "Allow inheritable permissions from the parent to
propagate to this object and all child objects. Include these with
entries
explicitly defined here.".

This is found in the Security Tab of the Shared folder by clicking the
Advanced button.

You will be given the choice to Copy or Remove the Security. Read the
descriptions and it will explain what both of those mean.

Scott Litzau, MCP
Olympus Flag & Banner
Information Systems Manager
scott.litzau@... <mailto:scott.litzau%40olympus-flag.com>
P: 414-365-9732
F: 414-355-1931

-----Original Message-----
From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
Behalf Of
Winter, Patrick
Sent: Friday, December 01, 2006 9:10 AM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder Security

This is a question on Windows Server 2003 Subfolder Security.

I control file security for general network shares with groups, here is
a generic example:

Shared folder = AccountsReceivable
Group 1 = AR view only group
Group 2 = AR publisher group
Group 3 = AR Editors group
Each group used in securing this folder would then have the appropriate
security settings.
Also everything below the shard folder "AccountsReceivable" would be set
inherit permission from the parent, etc...

If within the shared folder "AccountsReceivable" we create folders for
customers.
Acme
Company2
Company3
Etc...

If I create the same subfolder under each Customer called say
"Confidential", can I somehow set this folder to a different security
group, say "Group4"
Group 4 = Accounting Controller publisher Group.

I hope I have explained this properly.

Patrick

This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]

Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder
and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>
Yahoo! Groups Links






This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]
Patrick,

You'll want to use the CACLS command-line utility.

From the AccountsReceivable\Customers folder:

CACLS Confidential /T /G Group4:F

This command will traverse all subfolders, looking for a folder named
"Confidential" (/T). For each matching folder, it will replace the
current ACL and grant Full Access to Group 4 (/G).

There are other command-line options for CACLS that you'll want to
review. Type CACLS from a command prompt for a help listing.

CACLS can also be used to list ACLs.

have fun,
john



Winter, Patrick wrote:
>
>
> Scott,
>
> Ok, you understand where I'm at, that makes sense but what I was
> wondering is there a way to do this across the board without doing each
> folder one at a time when they are created?
You might be able to create a batch file to accomplish this. XCOPY has
a /o switch which will copy permissions. Command would look something
like:

xcopy sourcedir destinationdir /s/e/o

Use xcopy /? to find the other options.

I use xcopy when I need to move folders to a different drive and don't
want to have to worry about resetting permissions. I also use "net
share" command to create/delete shares and set share permissions.
Together in a batch file with passing it parameters makes a handy tool.

Butch

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Winter, Patrick
Sent: Friday, December 01, 2006 7:50 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder
Security



Scott,

Ok, you understand where I'm at, that makes sense but what I was
wondering is there a way to do this across the board without doing each
folder one at a time when they are created?

My magic button would be to search for subfolders called "whatever" and
apply the following security group and don't inherit the permissions.
or
Copy a folder from a different area would when dropped it would have the
appropriate security and a of course no inherited permissions.

Also a way so search and view the folders to verify and manage this.

Patrick

PS: I guess I'm trying to see how far I can go using windows server file
system's ability without purchasing a formal document storage and
archiving system.

________________________________

From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
Behalf
Of Scott Litzau
Sent: Friday, December 01, 2006 9:37 AM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: RE: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder
Security

Patrick,

For Sub-Folders that you do not want to inherit security from a Parent
Folder, uncheck the "Allow inheritable permissions from the parent to
propagate to this object and all child objects. Include these with
entries
explicitly defined here.".

This is found in the Security Tab of the Shared folder by clicking the
Advanced button.

You will be given the choice to Copy or Remove the Security. Read the
descriptions and it will explain what both of those mean.

Scott Litzau, MCP
Olympus Flag & Banner
Information Systems Manager
scott.litzau@... <mailto:scott.litzau%40olympus-flag.com>
<mailto:scott.litzau%40olympus-flag.com>
P: 414-365-9732
F: 414-355-1931

-----Original Message-----
From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com> ] On
Behalf Of
Winter, Patrick
Sent: Friday, December 01, 2006 9:10 AM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com>
Subject: [Vantage] OFF TOPIC - Windows Server 2003 Subfolder Security

This is a question on Windows Server 2003 Subfolder Security.

I control file security for general network shares with groups, here is
a generic example:

Shared folder = AccountsReceivable
Group 1 = AR view only group
Group 2 = AR publisher group
Group 3 = AR Editors group
Each group used in securing this folder would then have the appropriate
security settings.
Also everything below the shard folder "AccountsReceivable" would be set
inherit permission from the parent, etc...

If within the shared folder "AccountsReceivable" we create folders for
customers.
Acme
Company2
Company3
Etc...

If I create the same subfolder under each Customer called say
"Confidential", can I somehow set this folder to a different security
group, say "Group4"
Group 4 = Accounting Controller publisher Group.

I hope I have explained this properly.

Patrick

This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]

Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder
and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
<http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.> >
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
<http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages> >
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>
<http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links> >
Yahoo! Groups Links

This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

[Non-text portions of this message have been removed]






[Non-text portions of this message have been removed]