Guest Frederik De Muyter Posted July 5, 2007 Posted July 5, 2007 Hi, I have a couple of questions on setting up NTFS security. First when a user creates a directory under a folder I share, he is the owner of the folder and can remove admins form the ntfs security. Can i stop this and how. Second i'm having troubles setting NTFS security on files or folders that exceed a depth of 256 characters. I simply get access denied. Can i changes this? Third is ther a way to propegate permissions to sub directory's even if i don't have ownership on the folder. I hope my questions are clear and if not i'm alway willing to elaborate on them. Kind regards, Frederik De Muyter. Quote
Guest Robert Kochem Posted July 5, 2007 Posted July 5, 2007 Frederik De Muyter schrieb: > I have a couple of questions on setting up NTFS security. > First when a user creates a directory under a folder I share, he is the > owner of the folder and can remove admins form the ntfs security. Can i stop > this and how. Well I would show those users how far they get with such activities: Make a script which takes over the ownership and add full access for the "default members" (administrator, SYSTEM) > Second i'm having troubles setting NTFS security on files or folders that > exceed a depth of 256 characters. I simply get access denied. > Can i changes this? Well MS does not learn that it is a good idea not to use the oldest available api for a central application as the Explorer (which limits the path length). Therefore you can not change this behaviour, only using a third party software which uses Unicode file names -> max path length then is about 32k. Robert Quote
Guest Roger Abell [MVP] Posted July 5, 2007 Posted July 5, 2007 "Frederik De Muyter" <FrederikDeMuyter@discussions.microsoft.com> wrote in message news:CF5694D2-4CEF-4D94-87D0-76408F62A3CB@microsoft.com... > Hi, > > I have a couple of questions on setting up NTFS security. > First when a user creates a directory under a folder I share, he is the > owner of the folder and can remove admins form the ntfs security. Can i > stop > this and how. > No. The behavior is hardwired in pre-Vista versions of Windows. You would need a process that events on new object creation and then sets the ownership to such as Administrators. > Second i'm having troubles setting NTFS security on files or folders that > exceed a depth of 256 characters. I simply get access denied. > Can i changes this? The max path is an old limitation in Windows. One can use the subst command to define a drive letter for part of the excessive length path and then access via that. > > Third is ther a way to propegate permissions to sub directory's even if i > don't have ownership on the folder. > Sure, but the account doing so need to have the permission to change permissions (a part of the Full control grant, but can be granted alone). Usually when taking ownership is needed there also is no grant to the administrative accounts used to take ownership, so instead of sure the answer practically speaking is no, not it there is no grant to system or administrators (or any group allowed to take ownership). > I hope my questions are clear and if not i'm alway willing to elaborate on > them. > > Kind regards, > > Frederik De Muyter. > > Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.