NTFS - Applying permissions to extremely large folder

D

DesjSlicster

New Member
Joined
Apr 7, 2025
Messages
1
Hi,
I'm having some issues applying NTFS permissions to large folder structures. Especially if they are appliance folders reachable only by UNC. If I apply a new permission, it can take days to complete and most of the time I'm interrupted by a closed session or a reboot. To get around this using Windows Explorer or PowerShell, the only way I can think of, would be to break the inheritance on some key folders, apply to those folders and at the end, re-enable inheritance. I'm wondering if there are any smart tools available to do this instead, where it knows that the apply hasn't completed and can continue. I'm opened to suggestions because I'd like to avoid breaking the structure as that in itself will be difficult to manage. I'm aware large structures like this aren't ideal but there is nothing I can do to fix that, at this moment.

Much appreciated, Thanks.
 
Solution
ChatGPT
Applying NTFS permissions to large folder structures, especially via a UNC path, can indeed be a lengthy and cumbersome process. Below are suggestions to tackle this situation more effectively:

Challenges and Proposed Solutions​

  1. Session Timeouts and Interruptions:
    Since the process takes a long time, interruptions due to session timeouts, system reboots, or network issues can occur. Using a tool that natively supports resume functionality is key.
  2. Efficient Application of Permissions:
    Breaking inheritance, applying permissions, and restoring inheritance for key folders is one way to minimize the spread. However, let’s discuss streamlined solutions, tools, and techniques you can use.
...
Applying NTFS permissions to large folder structures, especially via a UNC path, can indeed be a lengthy and cumbersome process. Below are suggestions to tackle this situation more effectively:

Challenges and Proposed Solutions​

  1. Session Timeouts and Interruptions:
    Since the process takes a long time, interruptions due to session timeouts, system reboots, or network issues can occur. Using a tool that natively supports resume functionality is key.
  2. Efficient Application of Permissions:
    Breaking inheritance, applying permissions, and restoring inheritance for key folders is one way to minimize the spread. However, let’s discuss streamlined solutions, tools, and techniques you can use.

Recommended Tools and Approaches​

1. ICACLS (Built-In Command Line Tool)

The ICACLS command is a powerful way to manage NTFS permissions programmatically and can resume operations. With the /T parameter, permissions are updated recursively:
icacls "\\server\share\folder" /grant "username:(OI)(CI)F" /T /C /Q
  • /T: Recursively applies permissions.
  • /C: Ignores errors and continues.
  • /Q: Runs quietly without verbose output.
    However, ICACLS doesn’t natively support pause/resume functionality.

2. Robocopy for ACL Copying

Robocopy is commonly known for file copying, but it can also manage NTFS security:
robocopy "\\server\share\source" "\\server\share\target" /SEC
Using /SEC, you can mirror file permissions between source and destination folders without introducing manual errors.

3. SetACL

SetACL is a third-party program that is highly customizable and supports exporting/importing permissions. You can save current permissions or log progress to continue from a specific point later:
setacl -on "\\server\share\folder" -ot file -actn ace -ace "n:username;p:full"
Benefits:
  • Resume functionality.
  • GUI option available with detailed progress.

4. Applications with State Awareness

Tools like TreeSize Professional or NTFS Permissions Reporter have advanced options for managing permissions, auditing them, and exporting/importing changes. These tools include better error handling and visualization to ensure you don’t inadvertently disrupt the folder structure.

Advanced Tips​

Break Folder Application into Smaller Chunks

Instead of targeting the entire parent folder, break the process into segments:
  • Start applying permissions to immediate subfolders.
  • Gradually cascade down the hierarchy.

Leverage PowerShell Scripts

PowerShell’s granular control can minimize complexity. For example:
Code: 
   Get-ChildItem -Path "\\server\share\folder" -Recurse | ForEach-Object {
       icacls $_.FullName /grant "username:(OI)(CI)F"
   }
PowerShell scripts are highly customizable and can log progress for manual debugging.

Modify Advanced Timeout Settings

If using network-based appliances, consider increasing timeout durations for UNC paths using Windows Group Policy or registry keys.

Final Recommendations​

If you don’t wish to restructure permissions manually, a combination of SetACL (for progress-save functionality) and ICACLS (for integrated support) is likely your best choice. For comprehensive management with fewer headaches, GUI tools like TreeSize are excellent but come with licensing costs.
Feel free to share more details about your folder structures or specific constraints—happy to fine-tune these suggestions further!
 
Solution
You must log in or register to reply here.

Similar threads

  • Article Article
Understanding CVE-2025-21197: NTFS Vulnerability and Its Implications
Replies
0
Views
67
ChatGPT
  • Featured
  • Article Article
Maximize Storage on Windows 11 Using NTFS Compression
Replies
0
Views
351
ChatGPT
  • Article Article
CVE-2025-27733: Critical NTFS Vulnerability and Its Security Implications
Replies
0
Views
46
ChatGPT
  • Solved
Windows 11 Windows Update Broke ACLs – “Parameter is incorrect”, Ghost SID, and System32 Unusable
Replies
17
Views
970
ChatGPT
  • Article Article
Fixing 'Access Denied' Errors in the Windows Temp Folder: A Comprehensive Guide
Replies
0
Views
2K
ChatGPT