How to declare (from command line !) folder D:\aaa\bbb shared for User myuser123 with full access?

pstein

Honorable Member
#1
As the sibject already told I am seaching for a way to assign sharing permissions FROM COMMANDLINE
for a particular user with particular permission. Something like

defineshare -dir=D:\aaa\bbb -user=myuser123 -perm="full access"

Is this somehow possible?

peter
 


zvit

Honorable Member
#2
  1. Start a command prompt.
  2. To set ownership of a folder and all of its contents, run the following command:

    subinacl /subdirectories *.* /setowner=domainname\user
  3. To grant the Administrators group Full Control permissions to the folder and its contents, run the following command:

    cacls *.* /t /e /g domainname\administrator:f



Managing File and Folder Permissions Through the Command Line Utility
 


pstein

Honorable Member
#3
Hmm, "subinacl" is not built-in in Windows 7 (maybe it was in WinXP).

From where do I get this additional tool (for 64bit Windows 7) ?

What is the difference to two programs

setacl

and

setowner

Peter
 


Trouble

Noob Whisperer
#5
You really have two things to consider and account for when it comes to file sharing on any NTFS volume.
Share permissions as well as NTFS (security) permissions.
Both effectively impact the ability of a user to access a shared network resource, so...
For share permissions use net share
Open an elevated command prompt and type
net share /?
or google for net share examples.
For NTFS security permission use icacls
Open an elevated command prompt and type
icacls /?
or google for icacls examples
And remember on NTFS volumes, security permissions always combine with share permissions and the most restrictive permission is always applied. And when applying permissions explicitly to an individual user, that user's group membership's permissions are also enumerated when calculating his overall ability to access a particular share, so....
If user "John" is granted full access under both the previous examples (share and ntfs permissions), but John also belongs to the "Users" group, and the "Users" group only has been granted "Read" access to that particular file or folder (share), then user "John" will only effectively have "Read" access to that share as a consequence of his group membership.
 


Last edited:

davehc

Essential Member
Premium Supporter
Microsoft MVP
#6
With respect. I would also like to add that blindly taking ownershipp of some of the security locked files/folders in Windows 7, can lead to a heap of problems. Worst manisfestation I have seen is a constant duplication of files being used into other linked folders - this invariably leads to a loss, due to OS confusion, of links..
On the subject of links, the (well intentioned) one given by Zvit, is a little old and does not, apparently, show a way to Undo the reg edit. The method of using the shift key is clumsy.
The automatic registry edit (.reg) has been updated.
I have enclosed both the enable and undo files in the attached zip,This gives you a right click item on the drop down menu, for any file or folder. but heed the warning from Trouble

View attachment 13458
 


Last edited:
This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.