NTFS Security path depth > 256 chars

  • Thread starter Thread starter Frederik De Muyter
  • Start date Start date
F

Frederik De Muyter

Hi,

I have a couple of questions on setting up NTFS security.
First when a user creates a directory under a folder I share, he is the
owner of the folder and can remove admins form the ntfs security. Can i stop
this and how.

Second i'm having troubles setting NTFS security on files or folders that
exceed a depth of 256 characters. I simply get access denied.
Can i changes this?

Third is ther a way to propegate permissions to sub directory's even if i
don't have ownership on the folder.

I hope my questions are clear and if not i'm alway willing to elaborate on
them.

Kind regards,

Frederik De Muyter.
 
Frederik De Muyter schrieb:

> I have a couple of questions on setting up NTFS security.
> First when a user creates a directory under a folder I share, he is the
> owner of the folder and can remove admins form the ntfs security. Can i stop
> this and how.

Well I would show those users how far they get with such activities: Make a
script which takes over the ownership and add full access for the "default
members" (administrator, SYSTEM)

> Second i'm having troubles setting NTFS security on files or folders that
> exceed a depth of 256 characters. I simply get access denied.
> Can i changes this?

Well MS does not learn that it is a good idea not to use the oldest
available api for a central application as the Explorer (which limits the
path length). Therefore you can not change this behaviour, only using a
third party software which uses Unicode file names -> max path length then
is about 32k.

Robert
 
"Frederik De Muyter" <FrederikDeMuyter@discussions.microsoft.com> wrote in
message news:CF5694D2-4CEF-4D94-87D0-76408F62A3CB@microsoft.com...
> Hi,
>
> I have a couple of questions on setting up NTFS security.
> First when a user creates a directory under a folder I share, he is the
> owner of the folder and can remove admins form the ntfs security. Can i
> stop
> this and how.
>

No. The behavior is hardwired in pre-Vista versions of Windows.
You would need a process that events on new object creation and
then sets the ownership to such as Administrators.

> Second i'm having troubles setting NTFS security on files or folders that
> exceed a depth of 256 characters. I simply get access denied.
> Can i changes this?

The max path is an old limitation in Windows.
One can use the subst command to define a drive letter for
part of the excessive length path and then access via that.

>
> Third is ther a way to propegate permissions to sub directory's even if i
> don't have ownership on the folder.
>

Sure, but the account doing so need to have the permission to change
permissions (a part of the Full control grant, but can be granted alone).

Usually when taking ownership is needed there also is no grant to
the administrative accounts used to take ownership, so instead of
sure the answer practically speaking is no, not it there is no grant
to system or administrators (or any group allowed to take ownership).


> I hope my questions are clear and if not i'm alway willing to elaborate on
> them.
>
> Kind regards,
>
> Frederik De Muyter.
>
>
 

Similar threads

AWS
Skilling snack: Windows application security
Replies
0
Views
133
AWS
AWS
AWS
Hive ransomware gets upgrades in Rust
Replies
0
Views
234
AWS
AWS
AWS
September 2023 - Microsoft 365 US Public Sector Roadmap Newsletter
Replies
0
Views
167
AWS
AWS
AWS
November 2022 - Microsoft 365 US Public Sector Roadmap Newsletter
Replies
0
Views
415
AWS
AWS
AWS
September 2022 - Microsoft 365 US Public Sector Roadmap Newsletter
Replies
0
Views
228
AWS
AWS
Back
Top