How to declare (from command line !) folder D:\aaa\bbb shared for User myuser123 with full access?

Discussion in 'Windows 7 Help and Support' started by pstein, Apr 26, 2011.

  1. pstein

    pstein Honorable Member

    Joined:
    Mar 20, 2010
    Messages:
    347
    Likes Received:
    0
    As the sibject already told I am seaching for a way to assign sharing permissions FROM COMMANDLINE
    for a particular user with particular permission. Something like

    defineshare -dir=D:\aaa\bbb -user=myuser123 -perm="full access"

    Is this somehow possible?

    peter
     
  2. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    1. Start a command prompt.
    2. To set ownership of a folder and all of its contents, run the following command:

      subinacl /subdirectories *.* /setowner=domainname\user
    3. To grant the Administrators group Full Control permissions to the folder and its contents, run the following command:

      cacls *.* /t /e /g domainname\administrator:f



    Managing File and Folder Permissions Through the Command Line Utility
     
  3. pstein

    pstein Honorable Member

    Joined:
    Mar 20, 2010
    Messages:
    347
    Likes Received:
    0
    Hmm, "subinacl" is not built-in in Windows 7 (maybe it was in WinXP).

    From where do I get this additional tool (for 64bit Windows 7) ?

    What is the difference to two programs

    setacl

    and

    setowner

    Peter
     
  4. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
  5. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    You really have two things to consider and account for when it comes to file sharing on any NTFS volume.
    Share permissions as well as NTFS (security) permissions.
    Both effectively impact the ability of a user to access a shared network resource, so...
    For share permissions use net share
    Open an elevated command prompt and type
    net share /?
    or google for net share examples.
    For NTFS security permission use icacls
    Open an elevated command prompt and type
    icacls /?
    or google for icacls examples
    And remember on NTFS volumes, security permissions always combine with share permissions and the most restrictive permission is always applied. And when applying permissions explicitly to an individual user, that user's group membership's permissions are also enumerated when calculating his overall ability to access a particular share, so....
    If user "John" is granted full access under both the previous examples (share and ntfs permissions), but John also belongs to the "Users" group, and the "Users" group only has been granted "Read" access to that particular file or folder (share), then user "John" will only effectively have "Read" access to that share as a consequence of his group membership.
     
    #5 Trouble, May 7, 2011
    Last edited: May 7, 2011
  6. davehc

    davehc Microsoft MVP
    Premium Supporter Microsoft MVP

    Joined:
    May 1, 2008
    Messages:
    5,116
    Likes Received:
    301
    With respect. I would also like to add that blindly taking ownershipp of some of the security locked files/folders in Windows 7, can lead to a heap of problems. Worst manisfestation I have seen is a constant duplication of files being used into other linked folders - this invariably leads to a loss, due to OS confusion, of links..
    On the subject of links, the (well intentioned) one given by Zvit, is a little old and does not, apparently, show a way to Undo the reg edit. The method of using the shift key is clumsy.
    The automatic registry edit (.reg) has been updated.
    I have enclosed both the enable and undo files in the attached zip,This gives you a right click item on the drop down menu, for any file or folder. but heed the warning from Trouble

    View attachment 13458
     
    #6 davehc, May 7, 2011
    Last edited: May 8, 2011

Share This Page

Loading...