I never used a snapin to apply NTFS permissions, I might be missing something. Does it give you something that the right click security doesn't? I apply ntfs permissions through windows shares. My daily user account has full control over a select group of folders on our file server. I can access a folder through the share and modify permissions. In a previous job I ran as DA as my regular user account, because I was young and dumb, I adjusted permissions regularly through the shares. Yes, it might not be what they are used to, and they can't create shares this way, but there's no reason that they can't change NTFS permissions.
I may not understand your needs, either. On Wed, Sep 1, 2010 at 4:57 PM, Ziots, Edward <[email protected]> wrote: > I am not sure, I can tell you if I login to the server as a Power user, I > can create the share, and permissions accordingly as needed. If I try this > via shared folders snapin remotely, I can’t see the drives accordingly, nor > create a folder, etc etc, as a power user of the system. Compmgmt.as msc > snapin same deal. > > > > Actually Creator Owner has, Full Control on the directory that is created, > but I will see if that translates to having access at the share/NTFS when I > create it and grant them the appropriate rights as compared to them creating > it, via power user rights. > > > > Z > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:[email protected] <email%[email protected]> > > Cell:401-639-3505 > > > > *From:* Jonathan Link [mailto:[email protected]] > *Sent:* Wednesday, September 01, 2010 > *To:* NT System Admin Issues > *Subject:* Re: Trying to limit my helpdesk to Power User rights, > > > > Reread the initial email. > > > > If someone from the server group creates the share, and the helpdesk group > has full control on the NTFS permissions they can change permissions from > the share, no? > > > > > > On Wed, Sep 1, 2010 at 4:45 PM, Jonathan Link <[email protected]> > wrote: > > As in file permissions? > > > > > On Wed, Sep 1, 2010 at 4:42 PM, Ziots, Edward <[email protected]> wrote: > > Yep, > > > > Looks like we are going to have to go that way, problem is they field a lot > of calls about permissions and directories and not gaining access, etc etc, > which is just going to now fall on the Server Engineering group, more pain… > more pain, because things aren’t done right in the first place. > > > > Z > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:[email protected] <email%[email protected]> > > Cell:401-639-3505 > > > > *From:* Crawford, Scott [mailto:[email protected]] > *Sent:* Wednesday, September 01, 2010 4:38 PM > > > *To:* NT System Admin Issues > > *Subject:* RE: Trying to limit my helpdesk to Power User rights, > > > > I would manage the permissions myself. If you don’t want them to be admins, > you shouldn’t be making them power users either. > > > > Power Users are Admins who have not made themselves admins yet > > http://blogs.technet.com/b/jesper_johansson/archive/2006/03/12/421870.aspx > > > > > > *From:* Ziots, Edward [mailto:[email protected]] > *Sent:* Wednesday, September 01, 2010 2:02 PM > *To:* NT System Admin Issues > *Subject:* Trying to limit my helpdesk to Power User rights, > > > > I am trying as a method of locking down my Win2k8 and below servers is > removing administrative rights wherever I can to the minimal level, I have > setup my helpdesk folks to be Power users on one of my Windows 2008 R2 > boxes, and if they login local to the box, they can create a directory and > share local on the server, using MMC etc etc, ( I tested as a domain user as > a power user) but if I run the MMC Shared folders snapin as the Power User > from my XP System ( I made the account full admin on the workstation) when I > try and take a look at the drives, via the snapin it doesn’t allow it when > it’s a Power user on the server, I know if I was to make the group or the > test user a local administrator ( which I don’t want to do, because the keep > screwing up permissions right and left) then they will see the drives and > create folder etc etc accordingly. > > > > Any ideas, How I can get this working with Power User only rights > accordingly? Maybe using additional share on the root of the drives to get > them access accordingly? Either that or take care of all the permissions > myself. > > > > Z > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:[email protected] <email%[email protected]> > > Cell:401-639-3505 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
