How to setup NTFS ACL with Acces Based Enumeration

Posted by Patrick Pellegrino on Server Fault See other posts from Server Fault or by Patrick Pellegrino
Published on 2012-11-20T22:04:35Z Indexed on 2012/11/20 23:03 UTC
Read the original article Hit count: 233

Filed under:

windows-server-2008-r2

|

ntfs

|

acl

|

icacls

We're in the process of migrating from Novell Netware to Windows 2K8 R2 infrastructure (AD, File server, print server... etc)

My question is about ACL. While Netware and Windows are totally different, I want to be sure my thnking is good before screwing everything up!

There's a scenario :

F:
|
+-- DATA <= Shared as DATA with Access based enumeration
     |
     +-- Folder 1
     +-- Team 1's Folder
     +-- Team 2's Folder
     ...

In that case, by default, rights are herited from the F: to the deepest folders.

What we want :

Administrators group have full control top - down.
From DATA, ABE list only folders that users have access. (ex. : I'm in group Team 2, I see Team 2's Folder).

From what I understand, at DATA I remove all NTFS ACL to be herited (ex. Users Group), be sure to keep Administrators Group and SYSTEM user.

After that, grant Full control (or any right needed) on each folder to Groups or Users that have to have access.

Does I'm wrong ? Anything I should take care of ?

Any help to my understanding will be very appreciated.

Regards.

© Server Fault or respective owner

Related posts about windows-server-2008-r2

Cannot enable network discovery on Windows Server 2008 R2

as seen on Server Fault - Search for 'Server Fault'
I'm trying to enable the Network Discovery feature on a newly installed Windows Server 2008 R2 instance. The network connection is in the Home or Work profile (it is not domain joined). These are the steps I've followed: Within the Network and Sharing Center I select Change advanced sharing settings Then… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More
Sun Fire X4270 M3 SAP Enhancement Package 4 for SAP ERP 6.0 (Unicode) Two-Tier Standard Sales and Distribution (SD) Benchmark

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Oracle's Sun Fire X4270 M3 server achieved 8,320 SAP SD Benchmark users running SAP enhancement package 4 for SAP ERP 6.0 with unicode software using Oracle Database 11g and Oracle Solaris 10. The Sun Fire X4270 M3 server using Oracle Database 11g and Oracle Solaris 10… >>> More
Now Customers Can Actually Locate Your Resources with URL Rewriter 2.0 RTW

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Today, Microsoft announced the final release of IIS URL Rewriter 2.0 RTW . Now the first reason might be obvious why you would want to rewrite a URL – when you are at a cocktail party with loud music and tasty appetizers and a potential customer asks you where they can get more info on your snazzy… >>> More

Related posts about ntfs

NTFS and NTFS-3G

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a netbook with Ubuntu Netbook 10.04 and a desktop with Mint 10 (~ Ubuntu Desktop 10.10) Both of them have read/write NTFS partitions mounted via /etc/fstab. And it works fine. Ive read on net, google, forums, and several posts here, that NTFS-3G is the driver that allows you to have full… >>> More
NTFS partitions hidden under EXT4 file system / partition...want to recover files from NTFS

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am new to ubuntu, but very impressed with the system. so one day i tried installing ubuntu 10.10 along with windows in dual boot first place it didnt get installed properly and during second attempt i could do it right but oh...i lost my windows 7 , here is my problem and what i have done till… >>> More
Kernel NTFS driver vs NTFS-3G

as seen on Super User - Search for 'Super User'
A more comprehensive phrased question since I lost access to the other one. I would ask that the other one be deleted, not this one, as it should not have been migrated in the first place. There are currently two NTFS drivers available for Linux. The NTFS driver included in the kernel, and the… >>> More
NTFS partitions hidden under EXT4 file system / partion...want to recover files from NTFS

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Hi all, I am new to ubuntu, but very impressed with the system. so one day i tried installing ubuntu 10.10 along with windows in dual boot first place it didnt get installed properly and during second attempt i could do it right but oh...i lost my windows 7 , here is my problem and what i have done… >>> More
Can't write to NTFS formatted drives

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I'm not sure what has happened, but I've all of a sudden lost write access to any of my NTFS external drives. I installed a few games and apps from the software center, and now I can't make new folders or copy and paste files to anything that is NTFS. Everything is now read only, and I've tried… >>> More