5

Does anybody know a way to force that all files that get created inside some folder inherit the NTFS permissions of that folder.

The problem is the following:

I have a third party software that is creating PDF files inside a certain folder, but the problem is that those files get created with only the permissions for that user and for the administrators group, the file doesn't inherit the permissions of the folder it is in (Include inheritable permissions... is not marked on the files that get created), which give access to other groups of users also.

ralz
  • 2,751
  • 2
  • 17
  • 22

2 Answers2

3

As a temporary solution to the problem I created a .bat with

icacls "folder_path*" /inheritance:e

and have put that in Task Scheduler.

If anybody else comes to a better idea, please post it in the answers.

EDIT: The problem was that the PDF file was first created in %appdata% folder and then it would get moved in the custom folder on the same drive and therefore would keep the original permissions it had in the %appdata% folder.

I created a new folder on another drive and the file inherits the permissions of the folder where it is saved(since moving on another drive is actually first copying and then deleting the original file).

ralz
  • 2,751
  • 2
  • 17
  • 22
  • The best idea is to ask TerminalWorks why their program does this and see if it's configurable. – MDMarra Jan 08 '13 at 13:43
  • 1
    It is doing it becuase they are creating a PDF in the %appdata% folder first (that is way it gets only user and administrator group pivileges) and then they are moving it to a custom folder (which is on the same drive in this case). If they were copying(which would probably be a lot slower for big files) it would inherit the permissions. And I have just answered myself what to do while writing this, I'll move the folder to another volume :) – ralz Jan 08 '13 at 13:51
  • 2
    Source permissions are preserved (inheritance is cleared) if a file is copied to a different folder on the SAME volume. In any other case, the target file always inherits the destination folder permissions. Your solution should work just fine. – John Homer Jan 08 '13 at 18:51
  • 2
    [The Old New Thing](http://blogs.msdn.com/b/oldnewthing/archive/2006/08/24/717181.aspx) explains why this happens, for those who wonder. This answer explains how to force the inherited ACL recalculation to happen. – RomanSt Aug 18 '14 at 11:38
1

I was looking for the same problem. People create a file/folder on their desktop or somewhere else on the network and copy the files to an area on the network that has strict network security policies - and the permissions would follow the files from where they originated and we would have to manually initiate the "inherit permissions". This is not a good overall solution. I read a little bit here - maybe this will help someone: How to use ADsSecurity.dll to add an access control entry to an NTFS folder [archived from microsoft.com on 2014-08-27]

I'm with Monica
  • 115
  • 1
  • 9
Renet123
  • 11
  • 1