3

Is there a way to duplicate a user's NTFS permissions to another user? For example, the boss says, "Bob needs the exact same access to this folder as Tom". There are too many files and folders to check manually.

user1594322
  • 229
  • 1
  • 4
  • 10
  • 5
    If you're doing it right then your NTFS permissions are based on Security Group membership and it's a simple matter to make Bob a member of the same Security Groups as Tom. – joeqwerty Jun 17 '13 at 20:09
  • 1
    If it had been setup correctly by the previous IT, then I wouldn't be asking the question :-) – user1594322 Jun 17 '13 at 20:14
  • You didn't specify how the permissions had been set up and I didn't want to make assumptions. – joeqwerty Jun 17 '13 at 20:16
  • 1
    If it isn't setup correctly, and you know it, why aren't you correcting it? If you want to script the correction process, PowerShell is your friend, but it's still a bit tedious depending on how bad the situation is. – Chris S Jun 17 '13 at 20:18
  • Look into something like: http://www.solarwinds.com/products/freetools/permissions_analyzer_for_active_directory/ and correct the way it is currently being done. No sense in continuing down the same incorrect path just because that's "how it was setup". – TheCleaner Jun 17 '13 at 20:21
  • @Chris, if there was a solution, then I would apply it to a group and configure it correctly. But so far it's looking like a custom script job. – user1594322 Jun 17 '13 at 20:23
  • There are alot of companies that I've come across that couldn't or can't use groups due to the expense of the regulatory overhead involved in group membership management. – Jim B Jun 18 '13 at 04:05

2 Answers2

9

No, not unless you write a custom script that will crawl your network and detect these permissions on remote file servers.

This is why it's so important to use groups in your permissions, then it would be a matter of simply dropping the new user into the same groups as the old user.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
  • 3
    Thanks. I ended up creating a script that parses the output of "icacls path /save output.txt /T" and compared the permissions to make sure a new group matched the permissions. Luckily there were not any differences. If there were a lot of differences it would have been a big pain to sort out. – user1594322 Jun 17 '13 at 21:16
0

Icacls or robocopy can do this. You should also look at dynamic access control to avoid using groups or assigning specific users.

Jim B
  • 24,081
  • 4
  • 36
  • 60