Thursday, October 18, 2012

Applying permissions in bulk to NTFS folders that an administrator does not have access to

I’m sure all of us have come across the issue where we have certain folders (i.e. redirected folders, roaming profiles) that we don’t have permissions to and when we try to delete them, we’re unable to:

image

image

image

image

image

As a Windows administrator, we all know that we can simply take ownership of the folder through the properties of the folder to gain control. However, what if we had 50 or 100 or more? Not exactly the quantity of folders that you would like to be clicking through to take ownership.

Thankfully, there is a way to apply additional permissions to these folders in bulk through the use of the PsExec tool that’s available to download at the following URL:

http://technet.microsoft.com/en-us/sysinternals/bb897553

image

Begin by downloading the tools zip package, unzip the package into a directory:

image

… then open up a command prompt:

image

… and change the directory to where the PSTools are:

image

Execute the following command to open up a new prompt:

Psexec -i -s CMD

image

From within the new Psexec use the following command to take over and grant an account permissions:

Icacls [local path of redirected folders] /t /grant adminaccount:f

Here’s an example of a command that grants an account named citrixadmin permissions to all of the folders in the specified folder:

Icacls X:\UPMProfiles\~Archived /t /grant citrixadmin:f

image

Once the command successfully executes, you will now see that the account specified has permissions to the folder.  Also note that the account which previously had permissions to the folder is retained:

image

1 comment:

Joel Ammann said...

Didn't work for me, always sais: "Permission Denied". I used the exact same method you provided in the article. ~ Joel