Hi,

 

I have a couple of questions on setting up NTFS security.

First when a user creates a directory under a folder I share, he is the

owner of the folder and can remove admins form the ntfs security. Can i stop

this and how.

 

Second i'm having troubles setting NTFS security on files or folders that

exceed a depth of 256 characters. I simply get access denied.

Can i changes this?

 

Third is ther a way to propegate permissions to sub directory's even if i

don't have ownership on the folder.

 

I hope my questions are clear and if not i'm alway willing to elaborate on

them.

 

Kind regards,

 

Frederik De Muyter.

Frederik De Muyter schrieb:

> I have a couple of questions on setting up NTFS security.

> First when a user creates a directory under a folder I share, he is the

> owner of the folder and can remove admins form the ntfs security. Can i stop

> this and how.

 

Well I would show those users how far they get with such activities: Make a

script which takes over the ownership and add full access for the "default

members" (administrator, SYSTEM)

> Second i'm having troubles setting NTFS security on files or folders that

> exceed a depth of 256 characters. I simply get access denied.

> Can i changes this?

 

Well MS does not learn that it is a good idea not to use the oldest

available api for a central application as the Explorer (which limits the

path length). Therefore you can not change this behaviour, only using a

third party software which uses Unicode file names -> max path length then

is about 32k.

 

Robert

"Frederik De Muyter" <FrederikDeMuyter@discussions.microsoft.com> wrote in

message news:CF5694D2-4CEF-4D94-87D0-76408F62A3CB@microsoft.com...

> Hi,

>

> I have a couple of questions on setting up NTFS security.

> First when a user creates a directory under a folder I share, he is the

> owner of the folder and can remove admins form the ntfs security. Can i

> stop

> this and how.

>

 

No. The behavior is hardwired in pre-Vista versions of Windows.

You would need a process that events on new object creation and

then sets the ownership to such as Administrators.

> Second i'm having troubles setting NTFS security on files or folders that

> exceed a depth of 256 characters. I simply get access denied.

> Can i changes this?

 

The max path is an old limitation in Windows.

One can use the subst command to define a drive letter for

part of the excessive length path and then access via that.

>

> Third is ther a way to propegate permissions to sub directory's even if i

> don't have ownership on the folder.

>

 

Sure, but the account doing so need to have the permission to change

permissions (a part of the Full control grant, but can be granted alone).

 

Usually when taking ownership is needed there also is no grant to

the administrative accounts used to take ownership, so instead of

sure the answer practically speaking is no, not it there is no grant

to system or administrators (or any group allowed to take ownership).

 

> I hope my questions are clear and if not i'm alway willing to elaborate on

> them.

>

> Kind regards,

>

> Frederik De Muyter.

>

>