Setting up permissions on IX2

Similar Messages

• I have 2 sets of permissions, how do I delete one?

  I have five Macs, one G4 and 4 - G5's. G5s are running Snow Leopard 10.6.8.
  Five graphic designers, who back up their work on a Mac XServer 10.6.6
  Permissions on the designer's Macs are set to read/write for everyone.
  Designer A backs up his job to the XServer, then Designer B needs to edit it, so she attempts to pull it off the XServer.
  Permission denied for only some of the files, not all.
  I guess I need some guidance on the proper way to administer the ACL on the Xserve.
  I have set up an ACL group on the server. The strange thing is, there are 2 sets of permissions showing, one seems normal, but the other is labeled "Custom".
  Is there any way I can log in as something other than the Administrator, and "wipe out" the custom permissions?
  I usually do not mess around in the Terminal.
  Thank you for any insights...

  As Templeton Peck says, the proper way is to use the repartitioning facility, but this will result in loss of data.
  However, SubRosaSoft do make a utility, Volume Works ($10), that will do this resizing on the fly. A complete back up would be prudent in either case.

• IMac at work, iMac at home. (Latest Yosemite and Apple Remote Desktop updates installed) Need to work from home at night. I don't know how to set my permissions so that I can just control my iMac at work.

  iMac at work, iMac at home. (Latest Yosemite and Apple Remote Desktop updates installed) Need to work from home at night. I don't know how to set my permissions so that I can just control my iMac at work.

       If they have set up port forwarding for you already then that is different.  In that case, then you could be experiencing the bug with the most recent release of ARD (3.7.2) and in particular ARD 3.7.2 and Yosemite ARD version 3.8 clients.  It has been reported numerous times in the forums and to Apple that since 3.7.2, clients are frequently unavailable to connect to despite there being no network issue between the remote computer and client computer.  I have not seen anyone report it who was working from outside the LAN to inside the LAN, but I have the same issue with a number of my own computers that are simply on a different subnet, so it stands rot reason that it would happen from a port forwarding location.
       I am sometimes able to resolve the issue locally by SSH connecting into the client computer using Terminal on my admin machine and restarting or relaunching the ARD agent on the remote device, then trying to connect to it again after about 30 seconds.
  The Terminal commands for this procedure are as follows, though you might need to include a port number from outside the LAN:
  First:
  ssh ipaddress -l adminusername
  (example: ssh 192.168.1.1 -l macadmin)
  Second:
  sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -restart -agent
  After that, waiting about 30 seconds and trying to observe or control usually works, though the computer may still fail to show an online or lit-up status indicator.

• How do we set the permissions for....

  Using Acrobat 9, Setting permissions is very confusing!
  How do we set the permissions for document so that:
  -- the end user needs no password
  -- Printing: Allowed
  -- Changing the Document: Not Allowed
  -- Doument Assembly: Not Allowed
  -- Content Copying: Not Allowed
  -- Content Copying for Accessability: Not Allowed
  -- Page Extraction: Not Allowed
  -- Commenting: Allowed
  -- Filling of Form Fields: Allowed
  -- Signing: Not Allowed
  -- Dreating of Template Pages: Not Allowed

  Not possible. If you allow filling in forms you must allow signing. BTW, while it is nice to be able to set permissions anything that depends upon passwords that you set is easily overcome by third party utilities. Don't do anything that really depends upon these permissions. If you want to set permissions using the Document Properties Dialog box (control D), then click on the Security button. In the Security Method Dialog box, select password security and fill it out as you need.

• Most efficient/quickest way to set NTFS permissions in PowerShell

  Hello all,
  Trying to figure out what the most efficient/quickest way to set NTFS permissions via PowerShell is. I am currently using ICACLS but it is taking FOREVER as I can't figure out how to make inheritance work with this command.
  This has prompted me to begin looking at other options for setting NTFS permissions in PowerShell, and I wondered what everyone here likes to use for this task in PowerShell?

  Ah ok. Unfortunately, my ICACLS is taking FOREVER. Here is the code I'm using:
  ICACLS "C:\users\[user]\Desktop\test" /grant:r ("[user]" + ':r') /T /C /Q
  However:
  1.  I can't figure out how to make the inheritance parameter work with ICACLS
  2. If I do make the inheritance parameter work with ICACLS, I still need a way to add the permission to child objects that aren't inheriting.
  Any tips on how to improve performance of ICACLS?
  1. icacls folder /grant GROUPNAME:(OI)(CI)(F)  (i will post corrected code later, this works in CMD but not powershell couse of bracers)
  2.  get-childitem -recurse -force |?{$_.psiscontainer} |%{icacls ....}  (or u can list only folders where inheritance is disabled and apply icacls just on them)
  I think jrv and Mekac answered the first question about inheritance flags. I would just add that you probably don't want to use the /T switch with icacls.exe because that appears to set an explicit entry on all child items (that's probably why it's taking
  so long).
  For your second question, I'd suggest using the Get-Acl cmdlet. It throws terminating errors, so I usually wrap it in a try/catch block. Something like this might work if you just wanted the paths to files/folders that aren't inheriting permissions:
  dir $Path -Recurse | ForEach-Object {
  try {
  Get-Acl $_.FullName | where { $_.AreAccessRulesProtected } | ForEach-Object { Convert-Path $_.Path }
  catch {
  Write-Error ("Get-Acl error: {0}" -f $_.Exception.Message)
  return
  If you're looking for speed/performance, you don't want to just use the PowerShell Access Control (PAC) module that Mike linked to above by itself. It's implemented entirely in PowerShell, so it's incredibly slow right now (unless you use it along with Get-Acl
  / see below for an example). I'm slowly working on creating a compiled version that is much faster, and I think I'm pretty close to having something that I can put in the gallery.
  Since I wasn't sure which command would give you the best results, I used Measure-Command to test a few different ones. Each of the following four commands should do the exact same thing. Here are my results (note that I just ran the commands a few times
  and averaged the results on a test system; this wasn't very rigorous testing):
  # Make sure that this folder and user/group exist:
  $Path = "D:\TestFolder"
  $Principal = "TestUser"
  # Native PowerShell/.NET -- Took about 15 ms
  $Acl = Get-Acl $Path
  $Acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
  $Principal,
  "Read", # [System.Security.AccessControl.FileSystemRights]
  "ContainerInherit, ObjectInherit", # [System.Security.AccessControl.InheritanceFlags]
  "None", # [System.Security.AccessControl.PropagationFlags]
  "Allow" # [System.Security.AccessControl.AccessControlType]
  (Get-Item $Path).SetAccessControl($Acl)
  # PAC Module 3.0 w/ PowerShell/.NET commands -- Took about 35 ms
  $Acl = Get-Acl $Path | Add-AccessControlEntry -Principal $Principal -FolderRights Read -PassThru
  (Get-Item $Path).SetAccessControl($Acl)
  # icacls.exe -- Took about 40ms
  icacls.exe $Path /grant "${Principal}:(OI)(CI)(R)"
  # PAC Module 3.0 w/o Get-Acl -- Took about 350 ms
  Add-AccessControlEntry -Path $Path -Principal $Principal -FolderRights Read -Force
  Unless I messed something up, it looks like the native PowerShell/.NET commands are faster than icacls.exe, at least for modifying a single folder's DACL.

• When setting up permissions for application files--URGENT

  Hello All,
  when setting up permissions for application files,
  Is this following permisson appropriate?
  If application files are owned by a single owner,
  that owner should be the oracle user.
  DN

  Here is my question again.
  when setting up permission for application file, which permission is
  appropriate?
  a) If application files are owned by a sigle owner,that owner should be oracle
  user.
  b) Application files should be owned by oracle user
  c) Application files should be owned by single user.

• Unable to set NTFS permissions on share using PowerShell. The user shows up with no rights checked off.

  I am having a little problem here with setting NTFS permissions via PowerShell. 
  Basically I am able to make a new directory on the share, and assign a user NTFS permissions however it just assigns the select user without any permissions set.
  $username = "test.user"
  $directory = "\\testlab-sv01\Share\newfolder"
  New-Item -Path $directory -ItemType Directory
  $colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
  $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
  $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
  $objType =[System.Security.AccessControl.AccessControlType]::Allow
  $objUser = New-Object System.Security.Principal.NTAccount("$username")
  $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
  $objACL = Get-ACL $directory
  $objACL.AddAccessRule($objACE)
  Set-ACL $directory $objACL
  A side question, why isn't this native in Powershell? Is it for security reasons? I expected there to be a cmdlet for it. 
  Thanks. 
  Kyle

  When you say there are no permissions, do mean that the ACL Editor is showing 'Special permissions' and none of the other boxes are checked?
  Try changing the inheritance and propagation flags to this:
  $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags] "ContainerInherit, ObjectInherit"
  $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
  That sets the ACE to apply to the folder (InheritOnly propagation flag isn't set) , subfolders (ContainerInherit inheritance flag is set), and files (ObjectInherit inheritance flag is set), which is necessary for the ACE to not be considered 'special' in
  the ACL Editor.
  Awesome. Thanks. That did work. 
  And yes I did mean that it was showing special permissions with nothing checked. 
  Kyle

• How to set file permissions for SFTP uploaded file?

  Hello,
  is it possible to set file permissions with the SDK for files uploaded via SFTP transfer? I use the default sample plugin ftp_upload.lrdevplugin to transfer the files, but would like to tweak it to set the uploaded file(s) to permission 644 (rw-,r--,r--) on Linux server. Currently the server sets new file(s) by default to 600 (rw-,---,---).
  I am looking for an option to do the "chmod" directly from Lightroom without doing any modificatios in general to default umask, etc. settings on the server. No real UI is needed for this. Just hardcoded setting for 644 in the .lua.
  So far I've been unsuccesful in finding the way. Googled, read this forum, looked at the API. Maybe I just missed it, or does this functionality exist?
  All advice is appreciated!
  Cheers,
  Timo

  Niel's suggestion is good. You might also try posting your question in the Tiger Server forums. I'm sure Tiger Server has several ways of dealing with this.

• I have been trying to download photos. It keeps saying can't create file, please check permissions on destination folder. Ihave made sure I have set the permissions on read and write. What am I doing wrong?

  I have been trying to download photos too my MAC. It keeps saying can't create file, please check permissions on destination folder. Ihave made sure I have set the permissions on read and write. What am I doing wrong?

  Lanakivee
  Try this it worked for me Pat Willener gave it to me off the site :
  I have not read all you wrote, so I may have missed some points. As I understand it, you installed FP 10 on IE7, but it won't play any Flash content?
  Try this
  download the FP uninstaller from http://www.adobe.com/go/tn_14157
  close all browser windows, then run the uninstaller
  download the offline ActivX installer for Internet Explorer from http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_ax.exe
  close all browser windows, then run the installer

• DPM 2012 R2 UR4 - DPM could not set security permissions on the replica or recovery point volume that was created.

  Hi All,
  I am running a fresh install of SCDPM 2012 R2 with a protection group that is backing up the 'C:\', Bare Metal and System State of some VMs. If i add any additional servers to the group since the first creation it returns the following error: 
  Modify protection group: System State & Bare Metal Recovery failed:
  Error 419: DPM could not set security permissions on the replica or recovery point volume that was created.
  Error details: The process cannot access the file because it is being used by another process
  Recommended action: Review the error details, take appropriate action and retry the operation.
  If i re-create the whole protection group it works fine.
  Could any one advise any further diagnostics I can do to try and locate the reason behind not being able to modify the group after the first creation? I can add new servers to other PGs without any issues.
  Thanks in advance,
  Dan

  If you are protecting any of the system state/BMR protection. Can you stop protection by deleting the older recovery points and then recreate the protection group.
  This thread mentions this to be a hardware issue, albeit with less information on what exact hardware issue:
  https://social.technet.microsoft.com/Forums/en-US/480679c2-1079-4847-ab38-5cc8f454ef86/error-419-dpm-could-not-set-security-permissions-on-the-replica-or-recovery-point-volume-that-was?forum=dataprotectionmanager
  Regards, Trinadh [MSFT] This posting is provided AS IS with no warranties, and confers no rights. If you found the reply helpful, please MARK IT AS ANSWER. Looking for source of information for DPM? http://blogs.technet.com/b/dpm/ http://technet.microsoft.com/en-in/library/hh758173.aspx

• Setting up permissions on iviews

  Hi All,
  Which role do I need to have to set up permissions on iviews? I need to create 2 roles for the same iviews with read only and full access
  Thnks

  Mike,
  In Portal there are Pre-Configured Roles available for Administrator and End Users:
  Check this for more detailed information:
  [Pre-configured Roles|http://help.sap.com/saphelp_nw70/helpdata/EN/8e/f0f7415e639c39e10000000a155106/frameset.htm]
  (Administration Roles & Every User Roles)
  Regards,
  Karthick Eswaran
  *Reward Points for helpful answers

• Setting up permissions on the file server

  I am attempting to set up a file server with the OS X Server that came with my mac mini.
  I need to be able to set up permissions for 4 different users to be able to read and write, however with no permission to delete.
  I went to the MacMini section (on the left hand corner of the server app), then storage, and from there set up custom permissions
  I added the four users as a group.
  When I added the group to have access to the needed file, I clicked on the drop downs.
  I allowed all permissions for inheritance and reading. I selected all permissions for writting except for "delete" and "Delete subfolders and files"
  This give me a "-" sign next to write versus the check symbol (like it was shown for Read and Inheritance)
  After I set this up... I went to one of the users to test it out, it would not allow me to drop a file on the server or delete anything.
  How do I get this to work the way I want it!?!

  You can not do this with a single ACE.  Or at least I've never been able to.  This shoud resolve.
  Please make sure you test this however.  Remember that trying to overwrite is a delete and then a write.  So if you deny delete, then you can not replace a file or folder with one of the same name.  Also, renaming a file is also a delete.  You will not be able to rename.  Make sure you test this before putting into production to ensure you are getting the behavior you want.
  You have a share point named Archive.  You have a group called Archive_Users.  The Archive_Users are allowed to read and write but NOT delete data in the Archive.  Do do this, follow these steps:
  1:  Create a group called Archive_Users and place your users into the group.
  2:  Define your share point in File Sharing.
  3:  Edit to share point to add the group.  Press the + button and start typing the group name.  When it appears, set the permission to Read Write.  You permission window should have 4 entries at this point.  The everyone, the group (likely staff), and the owner (likely the server admin).  Then the one you added.  The bottom three are POSIX, the final one is an ACE.
  4:  Now, you need to get your hands dirty and create a custom ACE.  Server.app does not allow you to use the Deny rules so break out Terminal.
  5:  I will assume the Archive folder is in this path /Shares/Archive.  First get a list of the folder's ACL using:
  ls -le /Shares/Archive
  It should like like the following:
  drwxr-xr-x+ 2 carbon  wheel   68 Feb 18 22:27 Archive
  0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
  1: group:archive_users allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit
  6:  Now you must add your deny rule.  Use the following command:
  chmod +a# 2 "group:archive_users deny delete,file_inherit,directory_inherit" /Shares/Archive
  The syntax here is to add (+a) an ACE at index 2 (# 2), an ACE for the group archive_users that states the group can no delete any file or folder and this is inherited all the way down.
  7:  If you have content in the folder already, be sure to propagate the permissions.
  8:  Test, test, test.
  Remember, the deny rules can have some odd effects.  As mentioned, I can think of the renaming and the overwrite as possible deterrents.
  A possible alternative is to not give everyone read write access to the Archive. It might be more sane to define two groups.  The first groups, Archive_admins, is a subset of users who are entrusted with moving data to archived status.  The second group, Archive_users, is the rest of the team and they have read only access, allowing them to pull data but not edit the archive.  This allows you to use two simple ACEs in Server.app:  Archive_admin = read/write and Archive_users = read.
  R-
  Apple Consultants Network
  Apple Professional Services
  Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

• Set windows permissions for folder

  My labview app is being installed to the prog files dir for the app by an installer created by the LV Dev System.  i encounter a problem when trying to store a config file for the app to the directory during user customization of settings after app installation because the file I am trying to update is read only due to win 7 defaults.  I try to set the permissions for the folder programmatically, but it does not change the folder to a NOT read only one.  What is the trick here?  Do I need to put my config files in another directory somewhere or is ther a way to change the folder settings so I can create temp files in that folder?

  Creating temporary config files in Program Files is not very good practice. I would do it in the public user folder.
  How are you setting the parameters?
  Did you use the following?
  http://zone.ni.com/reference/en-XX/help/371361J-01/glang/set_permissions/
  http://zone.ni.com/reference/en-XX/help/371361J-01/glang/setting_permissions/
  Excerpt from the link above:
  You can use permissions to change only write permissions for users (bit 7); the operating system ignores all other changes to the bits.
  Beginner? Try LabVIEW Basics
  Sharing bits of code? Try Snippets or LAVA Code Capture Tool
  Have you tried Quick Drop?, Visit QD Community.

• My itunes keeps asking me to set my permissions.  they are set to read and write for all accounts, admin, everybody, etc.  don't know why it won't let me download

  my itunes keeps asking me to set my permissions.  they are set to read and write for all accounts, admin, everybody, etc.  don't know why it won't let me download

  Ever find a real solution to this? I just posted something similar - been having the issues ever since I started using the mac.
  I have 5 mac accounts: 2 of those are admins.
  After I installed every program I may possibly want, I redid all my user accounts (as I had been having a lot of permissions issues before that). My (admin) account downloads fine. Another admin account, set up exactly as mine, periodically gets prompted that it doesn't have the right to download.
  To avoid duplication, I have a /common/music directory for all itunes accounts music. We have to periodically do a recursive permissions deal on the 2nd admin account so it can put music there, even though that directory is read/write for everyone. Apple's never been able to help me on this...

• Exchange Online - Set FOLDER permissions recursively in shared mailbox

  I posted this in the 365 forums. Reposting here see if it gets any traction. Thanks
  I have a shared mailbox that is being used instead of public folders. Having trouble with the folders within the shared mailbox syncing to the various users. Want to move folders out of the shared
  mailbox but continually run into errors regarding permissions and I must manually find the offending subfolder and set permissions.<o:p></o:p>
  So, I have two questions:<o:p></o:p>
  1. How can I configure the shared mailbox so that all folders that are created, regardless of which user creates them, will inherit permissions. Any folder created should automatically have permissions
  set to owner for a specific security group.<o:p></o:p>
  2. How can I set the permissions on these exisiting shared mailbox folders, recursively (all sub folders) ? I have tried the following:<o:p></o:p>
  Get-MailboxFolder –Identity user1:\Folder -Recurse | Add-MailboxFolderPermission -User user2 -AccessRights Owner<o:p></o:p>
  But I get an error that the mailbox is not found. I believe that the command above does not work on shared mailboxes.<o:p></o:p>
  I also found the following, but can not seem to get it to run. I have tried to run as a ps1 file and directly in powershell - I dont get any errors.<o:p></o:p>
  ForEach($f in (Get-MailboxFolderStatistics
  [email protected] | Where { $_.FolderPath.Contains("/") -eq $True } ) )
  $fname = "[email protected]:" + $f.FolderPath.Replace("/","\"); Add-MailboxFolderPermission $fname -User
  [email protected] -AccessRights Owner
  Write-Host $fname
  Start-Sleep -Milliseconds 1000
  }<o:p></o:p>
  Any help is appreciated. Thanks<o:p></o:p>

  First of all, why don't you just give permissions on the mailbox level instead?
  If Office 365, the
  Get-MailboxFolder cmdlet only works for you own mailbox. So you have to use the  Get-MailboxFolderStatistics as shown in the example. You will need to adjust this to give permissions to the Root folder and its best to actually exclude some of the
  folders.
  The example below should work, note that there is practically no error handling there, so test it first. Also, if the access entry already exists, you will get error messages.
  $mailbox = "[email protected]"
  $folders = Get-MailboxFolderStatistics $mailbox | ? {$_.FolderType -ne “Root” -and $_.FolderType -ne “Recoverableitemsroot” -and $_.FolderType -ne “Audits” -and $_.FolderType -ne “CalendarLogging” -and $_.FolderType -ne “RecoverableItemsDeletions” -and $_.FolderType -ne “RecoverableItemspurges” -and $_.FolderType -ne “RecoverableItemsversions”}
  Add-MailboxFolderPermission $mailbox -User [email protected] -AccessRights Reviewer #root permissions
  foreach ($folder in $folders) {
  $FolderPath = $folder.FolderPath.Replace("/","\").Replace([char]63743,"/") #with PowerShell v3 'fix'
  $MailboxFolder = "$mailbox`:$FolderPath"
  Add-MailboxFolderPermission "$MailboxFolder" -User [email protected] -AccessRights Reviewer