Sharing a Raid and Propagating Permissions

Similar Messages

• Need help with ACLs and propagating permissions

  I'm currently setting up our new server, for which we're moving away from Windows entirely (both on the server and user workstation ends), and I'm currently having some questions about permissions. I've been scouring the OS X Server Advanced Admin pdf, but there are numerous holes in the exposition of permissions from the ACLs down to the proper way to propagate permissions when a manual touch is required. What I'm trying to do is allow one group to have read access only until they get to a certain subdirectory, at which point they can then write to that level; then for the second group, they only need read access for a specific folder down the line from the starting directory. I'll include some example images with a test folder I've created so that it may be a little easier to understand what my goals are with the Server app's permissions. Thank you in advance for all your help.

  You need the advanced permissions editor.  You are trying to convert inherited permissions to explicit.  If I understand what you want, you would go about it like this.
  You have two groups; GroupA and GroupB.  GroupA is the limited group.  You want them to be able to read everything and write to limited locations.  GroupB can read and write everywhere.  So based on your example, you would do this to start:
  At the parent folder level, you are defining GroupA to be able to read and GroupB to read and write.
  Now to drill down.  In Server.app select your server.  This is the first item in the side bar.  On the right, choose Storage.  Drill down to where your shared folder is located and select it.  From the Gear menu, chose Edit Permissions as shown here:
  You will note that GroupA and GroupB are both gray.  This denotes that they are inherited entries at this level.  You must break the inheritance and start over.  To do this, press the small gear icon on the edit permissions sheet and choose "Make Inherited Entries Explicit."  GroupA and GroupB will turn black, allowing you to edit them.  Change GroupA from Read to Read Write.  Press OK to close the sheet.
  Now, if you already have data inside the folder, you can use the large gear menu and choose Propagate Permissions.  This will ensure that your data will reset with the new ACL.
  Reid
  Apple Consultants Network
  Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
  Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

• ACL Not Propagating Permissions to All Descendants

  I am curious why new files and folders added by users do not retain the permissions allocated to the parent folder by an ACL.
  The ACL description says that the permissions are propagated to the child files and folders as well as all descendants. But when a user logs in and creates a new item to share in a group folder, the ACL does not apply. Instead the new item takes on the individual user's permissions (Owner is the User, instead of the Group.)
  Is the new folder too far down in the directory to be considered a descendant? (3 layers deep.) Is there a known issue with Leopard users logging into a Tiger server?
  Any light shed on this issue is greatly appreciated. Thank you.

  I should add that I can remedy this problem by manually going in to Server Admin and propagating permissions on the troubled share-point, but I would rather not have to do this every time a user creates a new item.

• Replace the Hot Spare that Shared between Raid 1 and raid 5

  I have ProLiant ML370 G6  with Smart Array P410i Controller on System Board 
  I have two Logical Drive (Logical Drive 1 - Mirroring (RAID 1) And (Logical Drive 2 - Distributed Data Guarding (RAID 5)
  The logical Drive 1- Mirroring (RAID 1) Have two Physical Drives 
  The Logical Drive 2 Distributed Data Guarding (RAID 5 Have three Physical Drives
  And There Are One Spare Drive Shared btween RAID 1 and Raid 5 
  Controller Configuration Summary
  2 Data Array(s)
  2 Data Logical Drive(s)
  5 Data Drive(s)
  1 Spare Drive(s)
  The problem :
  there are that the spare Drive FAil and have warining To replace it 
  I  replace this drive with new one but the repulid for the Drive not start and Give Inactive 
  How Repulid the Hot Spare drive  ?

  Hello Amostafa,
  Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More.
  I understand that you are looking to rebuild the hot spare drive on your ProLiant system, and I would be happy to guide you towards a resolution!
  I am sorry, but to get your issue more exposure, I would suggest posting it in the commercial forums, since this is a commercial product. You can do this at:   
  http://h30499.www3.hp.com/t5/ProLiant-Servers-ML-DL-SL/bd-p/itrc-264
  I hope this helps!
  Regards
  MechPilot
  I work on behalf of HP
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos, Thumbs Up" on the right to say “Thanks” for helping!

• File and directory permissions

  We are running OSX 10.7 Lion on a Mac Pro 1,1 IN RAID. We are using this system als fileserver. Since last year it came to our attention that there where problems with the permissions on the files and directories (they seem corrupted). I do not mean system files but the files we stored on this server. When I look at random file permissions I get a whole list of users etc. A lot of duplicate users are there and also there are some entries in the list saying 'fetching'.
  We use the server admin tool to manage groups and users.
  This is what we have done so far:
  - Try to repair permissions through terminal (because of RAID configuration)
  - Propogate permissions through server app
  - Resetpassword trick (restart cmd+R / terminal / resetpassword)
  Can anyone tell me how to get this working 'clean' again? is there a way to reset all files according to the workgroup/user settings in the server app?

  Sounds a bit like the temp files are not being 'closed' after being written
  to or read by Labview. If you are using the advanced file vi's make sure
  that they are closed afterwards.
  If the OS assumes they are open then it will not allow deletion etc even
  outside of Labview.
  bubucis wrote in message <7kv2kl$3flk$[email protected]>...
  >Hello!
  >
  >Does anybody know how Labview deals with file and directory permission
  >locking under WinNT.
  >I have a following problem. There is a main VI running in a state machine
  >mode and it fires up a SubVI that has a bunch of SubVIs. One of these
  >SubVIs are creating a temporary directory and files that I want to delete
  >once everything is over. However I always get a file permission error when
  >trying to delete those f
  iles, also when using Explorer and trying to delete
  >those files I get a file sharing error. This happens even when main VI has
  >been stopped. How comes LabVIEW does not unlock that file and directory.
  >Rather annoying!
  >Thanks for you help.
  >
  >Reinis Kanders
  >
  >

• General HELP for RAID and HOME NETWORK... I'm a bit lost :(

  First off, I'm sorry about the long post but I just wanted to ask everything at once since I don't know what effects what?
  Over the past years I've had a MBP and have always added Western Digital Mybook drives whenever I needed storage. One of clicked and died this past year and I lost some data since I was "MANUALLY" backing up. Since then I've tried to read about RAID, NAS, and DROBO type devices.
  I recently bought a Mac Pro 2008 edition because I needed more speed. I mainly edit wedding photos in Lightroom but also come from a heavy motion graphics background and do some After Effects projects from time to time.
  Here's a list of my current setup and what I'm hoping to achieve but I'm in over my head of what to do???
  1 Mac Pro (2008 edition) - I'm considering setting up 4 1TB harddrives inside that are mirrored. I was looking at the Caviar Black or Hitachi drives...
  2. I have two Airport Extreme Base Stations for my home network. (One is plugged into my Mac Pro and the other is near my Vizio LCD and Xbox 360. I've been toying around with sharing iPhoto slideshows (which I really like the idea of) The problem is that it seems really slow for video and hiccups on the stills sometimes. It doesn't seem to make a difference if it's pulling it from the Mac Pro or from a USB drive attached directly to my Airport Extreme. How do I speed this up? Is it always going to be faster to stream from the Mac Pro over ethernet cable than a harddrive plugged in through USB?
  3. A few RAID and NAS solutions I've been looking at are the following but I don't really understand what I get with an external device vs an internal? I also don't know which is BETTER? for easy reliable backup.
  http://firmtek.stores.yahoo.net/sata5pm2se2.html
  http://www.dlink.com/products/?sec=0&pid=667
  http://www.qnap.com/prodetail_feature.asp?pid=110
  http://eshop.macsales.com/shop/hard-.../RAID/Desktop/
  http://www.synology.com/enu/products/CS407/index.php
  4. I've been reading mixed reviews about the Drobo but don't quite understand if it's a better solution then setting up a mirror INSIDE my Mac Pro. I DO NOT want to buy a $900 raid card for the Mac Pro though. Do most people choose the Drobo because they only have laptops? Should I only consider building something inside my Mac Pro?
  5. I was considering Chonosync for backing up 3rd level backups
  6. I just bought a Blu-Ray drive for 4th level backups that I can send off site.
  7. I have all these other Mybooks. Two of them are mirrored but only one is a 1TBx2 Sata drive. The rest are IDE. I guess I'll just use these for misc things? Maybe just plug one into the Xbox for watching movies?
  8. My neighbor down the hall has a similar setup and is using a Mac Mini to stream things (through Front Row) like Hulu and videos another room to his TV. Mine doesn't seem to stream fast enough. Since I have the MBP that I will use rarely since I got my desktop I was considering using that instead of Apple TV or a Mac Mini but it's too slow? Maybe I set it up wrong?
  PLEASE HELP? I don't know what I'm doing.

  A few RAID and NAS solutions I've been looking at are the following but I don't really understand what I get with an external device vs an internal? I also don't know which is BETTER? for easy reliable backup.
  Hi,
  For backup, video work, photography and expanding the Mac Pro storage capability the FirmTek SeriTek/5PM would be my choice. The bundle that you pointed to will work if 130MB/sec. is fastest enogh for your needs. The card is only $70 in the bundle which makes it a nice deal.
  http://firmtek.stores.yahoo.net/sata5pm2se2.html
  If you want 200MB/sec, performance I would go with the Sonnet Tempo E4P or the HighPoint RR 2314 if you desire RAID 5 redundancy.
  http://www.amug.org/amug-web/html/amug/reviews/articles/sonnet/mac-pro/
  http://www.amug.org/amug-web/html/amug/reviews/articles/highpoint/2314/
  Trying to use NAS via the network will be 3-7x slower than the SeriTek/5PM. The SeriTek/5PM is a much better choice for backup, video and photography. NAS is good for low energy, always on, low use server needs. However, you can simply turn Mac OS X file sharing on and the Mac Pro will provide performance faster than any NAS.
  Drobo - Why do people even consider this option?
  The performance is USB speed even with a FW800 connection.
  Users have reported losing data with firmware updates.
  And the unit is one of the most expensive, slow performing options available. I cannot image ever wanting a Drobo
  Backup Software:
  I like SuperDuper. I also like using the "Restore" tab in Disk Utility to clone one disk to another. The key to good backup is to keep it simple and regular.
  MyBook - NOT
  If your storage needs exceed more than a single FireWire backup disk you really need to go with eSATA. The SeriTek/5PM and the Mac Pro combination provides virtually unlimited storage capabilities as the tray system allows new hard disk sets to be easily loaded or dismounted.
  Have fun!

• Image Capture from iPhone to OS X and File Permissions

  Hello.  I'm running Lion 10.7.3 and have an iPhone 4S and iPad 2.  When I use the Image Capture app to transfer pictures and videos from my devices to OS X it works great with the exception of one problem.  Every file that it copies over ends up with permissions of:
  (Me): Read & Write
  everyone: No Access
  This is problematic because when my wife is logged into her profile or anyone else tries to view these files via shared folders, they can't see them.  I'm putting them into a folder I created on "Macintosh HD".  The folder that they are in has permission of:
  (Me): Read & Write
  wheel: Read only
  everyone: Read only
  Each time I import I suppose I could drop into Terminal and run a command to fix the issues but there must be a better way.
  Any ideas?  Thank you in advance.

  Got a solution using Automator.
  Create a workflow like:
  This is an Image Capture Plugin. When you open Automator select Image Capture as the type of workflow and select these two actions.
  Copy Finder Items will take the image from Image Capture and copy to your disk. Select the folder you want the image to go to in the To: pulldown. You should select the /Users/Shared folder and any subfolder you wish. I made a folder named Images.
  In the second action make sure Pass Input: is set to as arguments and then add the chmod 644
  Then exit Automator giving the workflow a name. In Image Capture you should see the workflow you just created
  in the Import To: pulldown. Select it. Now when you import the fiels wil be copied to the folder you specified and the permissions will be set to 644 rw for you r for everyone else.
  good luck. post back if you have any questions.
  (and this is in the Lion list so my question about Aperture above is meaningless! )

• Newly imported photos in shared iPhoto library have wrong permissions

  I have recently encountered some problems with a shared iPhoto '09 library. When I initially shared it by placing it in users/shared iPhoto prompted to fix the permissions and everything was hunky dory. However, it seems that any newly imported photos do not have their permissions set properly so that the other user of the library on my computer can't do useful things like edit or email the newly imported photos.
  Looking inside the library reveals that the permissions on newly imported photos are set to read write for me as the owner and no access for 'everyone'. If I hold down cmd-opt and repair permissions it is all fine - until I import some new photos and then the permissions are wrong for those.
  I noted this effect on a pristine iPhoto library that I created to test this as well as my venerable iPhoto library.
  Is there something I can do to change this behaviour so newly imported photos get the correct permissions set and the shared user of this library (my wife) is able to edit and email photos I import (and, presumably, vice versa)?

  I have made changes to permissions to my old library a number of times. Originally this was to enable sharing in earlier versions of iPhoto and it worked fine. For example I've added a group that consists of myself and my wife and given it read and write permissions and applied that to all enclosed items. I've also had iPhoto repair the permissions as per the startup options.
  Notwithstanding this, I created a new library in my pictures folder; moved it to the shared folder; switched accounts and allowed iPhoto to repair permissions; switched back and then imported new photos. While most files and folders inside the package are OK (including any modified files and the enclosing originals/year/event folder) the actual original photo files themselves have the permissions problem. This seems to prevent emailing or editing by the other account.

• I changed my username and now afp doesn't show any users. I have file sharing on. And also when I select "get more info" on the shared folders they don't have my username in there. it just has "applepc(me)" it my old username before changing it.

  I changed my username and now afp doesn't show any users. I have file sharing on. And also when I select "get more info" on the shared folders they don't have my username in there. it just has "applepc(me)" my old username before changing it showed the correct username? please any help would be great.

  Turn Time Machine OFF temporarily in its preference pane. Leave the window open.
  Navigate in the Finder to your backup disk, and then to the folder named "Backups.backupdb" at the top level of the volume. If you back up over a network, you'll first have to mount the disk image file containing your backups by double-clicking it. Descend into the folder until you see the snapshots, which are represented by folders with a name that begins with the date of the snapshot. Find the one you want to restore from. There's a link named "Latest" representing the most recent snapshot. Use that one, if possible. Otherwise, you'll have to remember the date of the snapshot you choose.
  Inside the snapshot folder is a folder hierarchy like the one on the source disk. Find one of the items you can't restore and select it. Open the Info dialog for the selected item. In the Sharing & Permissions section, you may see an entry in the access list that shows "Fetching…" in the Name column. If so, click the lock icon in the lower right corner of the dialog and authenticate. Then delete the "Fetching…" item from the icon list. Click the gear icon below the list and select Apply to enclosed items from the popup menu.
  Now you should be able either to copy the item in the Finder or to restore it in the time-travel view. If you use the time-travel view, be sure to select the snapshot you just modified. If successful, repeat the operation with the other items you were unable to restore. You can select multiple items in the Finder and open a single Info dialog for all of them by pressing the key combination option-command-I.
  When you're done, turn TM back ON and close its preference pane.

• How to set NTFS and share permissions for Users share for home directories in Server 2012

  I have a new Server 2012 server, and I want to set up a Users share, that will contain subfolders of each user's username and contain their home directory.  But what do I set the share and NTFS permissions as on the root level, lets call the folder
  Users? Is the following older article the correct permissions I need?
  https://support.microsoft.com/kb/274443

  Hi RJO22,
  You can choose configure the Folder Redirection, Folder Redirection enables you to redirect the location of specific folders within user profiles to a new location, such as
  a shared network location. Folder redirection is used in the process of administering user profiles and roaming user profiles. You can configure Folder Redirection using the Group Policy Management Console to redirect specific user profile folders, as well
  as edit Folder Redirection policy settings.
  The related KB:
  Folder Redirection Overview
  http://technet.microsoft.com/en-us/library/cc732275.aspx
  Specify the Location of Folders in a User Profile
  http://technet.microsoft.com/en-us/library/cc771969.aspx
  I’m glad to be of help to you!
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Mac Mini Sever - Public Share - how enable read and write permissions for new remote files

  Hi,
  this Sunday a friend ask me to help hum with a problem on is Man Mini Server. He has a small office and uses the mini server to share a public folder to all his employees.
  Everyone that creates a file, saves it to the public folder at the mini mac.
  That problem is that, who creates the file owns it and remains with read-only permissions to everyone else. The owner has to change the file permission in order to the rest of the employees can work on it.
  I do not know mac arquitecture, I only work with windows and linux, but i suspect the principles are the same.
  We try to create another folder , and share it, but it happens the same. Have you any ideas on what is wrong?
  I suspect it has anything to do with de file Sharing at the mini mac, but it has read and write permissions for everyone.
  Thanks for your help.

  signed applet. You aren't going to find any easy way to distribute that policy file to users, and that policy file, if you asked me to put it on my PC, I'd tell you to take a flying leap. That would open any applet to access.

• Solved - How to take ownership and change permissions for blocked files and folders in Powershell

  Hello,
  I was trying to take ownership & fix permissions on Home Folder/My Documents structures, I ran into the common problem in PowerShell where Set-Acl & Get-Acl return access denied errors. The error occurs because the Administrators have been removed from
  file permissions and do not have ownership of the files,folders/directories. (Assuming all other permissions like SeTakeOwnershipPrivilege have been enabled.
  I was not able to find any information about someone successfully using native PS to resolve the issue.  As I was able to solve the issues surrounding Get-Acl & Set-Acl, I wanted to share the result for those still looking for an answer.
  Question: How do you use only Powershell take ownership and reset permissions for files or folders you do not have permissions or ownership of?
  Problem: 
  Using the default function calls to the object fail for a folder that the administrative account does not have permissions or file ownership. You get the following error for Get-Acl:
  PS C:\> Get-Acl -path F:\testpath\locked
  Get-Acl : Attempted to perform an unauthorized operation.
  + get-acl <<<< -path F:\testpath\locked
  + CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
  + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
  If you create a new ACL and attempt to apply it using Set-Acl, you get:
  PS C:\> Set-Acl -path F:\testpath\locked -AclObject $DirAcl
  Set-Acl : Attempted to perform an unauthorized operation.
  At line:1 char:8
  + Set-Acl <<<< -path "F:\testpath\locked" -AclObject $DirAcl
  + CategoryInfo : PermissionDenied: (F:\testpath\locked:String) [Set-Acl], UnauthorizedAccessException
  + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
  Use of other functions like .GetAccessControl will result in a similar error: "Attempted to perform an unauthorized operation."
  How do you replace owner on all subcontainers and objects in Powershell with resorting to external applications like takeown, icacls, Windows Explorer GUI, etc.?
  Tony

  Hello,
  Last, here is the script I used to reset permissions on the "My Documents" tree structure that admins did not have access to:
  Example:  Powershell script to parse a directory of User-owned "My Document" redirection folders and reset permissions.
  #Script to Reset MyDocuments Folder permissions
  $domainName = ([ADSI]'').name
  Import-Module "PSCX" -ErrorAction Stop
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
  #Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeSecurityPrivilege", $true) #Optional if you want to manage auditing (SACL) on the objects
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
  $Directorypath = "F:\Userpath" #locked user folders exist under here
  $LockedDirs = Get-ChildItem $Directorypath -force #get all of the locked directories.
  Foreach ($Locked in $LockedDirs) {
  Write-Host "Resetting Permissions for "$Locked.Fullname
  #######Take Ownership of the root directory
  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  $Locked.SetAccessControl($blankdirAcl)
  ###################### Setup & apply correct folder permissions to the root user folder
  #Using recommendation from Ned Pyle's Ask Directory Services blog:
  #Automatic creation of user folders for home, roaming profile and redirected folders.
  $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
  $propagation = [system.security.accesscontrol.PropagationFlags]"None"
  $fullrights = [System.Security.AccessControl.FileSystemRights]"FullControl"
  $allowrights = [System.Security.AccessControl.AccessControlType]"Allow"
  $DirACL = New-Object System.Security.AccessControl.DirectorySecurity
  #Administrators: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators",$fullrights, $inherit, $propagation, "Allow")))
  #System: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",$fullrights, $inherit, $propagation, "Allow")))
  #Creator Owner: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("CREATOR OWNER",$fullrights, $inherit, $propagation, "Allow")))
  #Useraccount: Full Control (ideally I would error check the existance of the user account in AD)
  #$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked.name",$fullrights, $inherit, $propagation, "Allow")))
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked",$fullrights, $inherit, $propagation, "Allow")))
  #Remove Inheritance from the root user folder
  $DirACL.SetAccessRuleProtection($True, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  #Set permissions on User Directory
  Set-Acl -aclObject $DirACL -path $Locked.Fullname
  Write-Host "commencer" -NoNewLine
  ##############Restore admin access & then restore file/folder inheritance on all subitems
  #create a template ACL with inheritance re-enabled; this will be stamped on each subitem to re-establish the file structure with inherited ACLs only.
  #$NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked.name") #ideally I would error check this.
  $NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked") #ideally I would error check this.
  $subFileACL = New-Object System.Security.AccessControl.FileSecurity
  $subDirACL = New-Object System.Security.AccessControl.DirectorySecurity
  $subFileACL.SetOwner($NewOwner)
  $subDirACL.SetOwner($NewOwner)
  ######## Enable inheritance ($False) and not copy of parent ACLs ($False)
  $subFileACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  $subDirACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  #####loop through subitems
  $subdirs = Get-ChildItem -path $Locked.Fullname -force -recurse #force is necessary to get hidden files/folders
  foreach ($subitem in $subdirs) {
  #take ownership to insure ability to change permissions
  #Then set desired ACL
  if ($subitem.Attributes -match "Directory") {
  # New, blank Directory ACL with only Owner set
  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  #Use SetAccessControl to reset Owner; Set-Acl will not work.
  $subitem.SetAccessControl($blankdirAcl)
  #At this point, Administrators have the ability to change the directory permissions
  Set-Acl -aclObject $subDirACL -path $subitem.Fullname -ErrorAction Stop
  } Else {
  # New, blank File ACL with only Owner set
  $blankfileAcl = New-Object System.Security.AccessControl.FileSecurity
  $blankfileAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  #Use SetAccessControl to reset Owner; Set-Acl will not work.
  $subitem.SetAccessControl($blankfileAcl)
  #At this point, Administrators have the ability to change the file permissions
  Set-Acl -aclObject $subFileACL -path $subitem.Fullname -ErrorAction Stop
  Write-Host "." -NoNewline
  Write-Host "fin."
  Write-Host "Script Complete."
  I hope you find this useful.
  Thank you,
  Tony
  Final Thought: There are great non-PS tools like
  Set-Acl and takeown which are external to PS & can also do the job wonderfully.  It may be much simpler to call those tools than recreate the wheel in pure
  code.  Feel free to use whatever best suits your time, scope & cost.

• Copy usernames and file permissions from old workgroup to new Active Directory

  Hi,
  I have a Windows Server 2003 R2 with about 60 users, 100 shared folders and 5000 subfolders. Each folder has share and protection permissions. Each subfolder has protection permissions. No active directory.
  I need to install Windows Server 2012 R2 (as Primary Domain Controller) and re-create
  the same users (which can have different guid but with the same username as the old server)
  the same shared folders, with the same permission as the old server granted to the users
  the same subfolders, with the same permission as the old server granted to the users
   all under Active Directory.
  Is there a way to automate these steps?
  Thanks!

  Look in script repository for scripts that export local users and groups.
  You will have to learn how these two systems work and develop a script / method for translating between the two systems.  It is very dependent on what has been don on old system.  Using USMT and MDT would be the best. 
  Post in the deployment forum for instructions on how to use the MDT to migrate users in a batch.  You would start by adding the 2003 server to the 2012 domain and then the MDT can be customized to do the move.
  https://technet.microsoft.com/en-us/windows/dn475741.aspx?f=255&MSPPError=-2147217396
  https://social.technet.microsoft.com/Forums/en-US/home?forum=mdt
  ¯\_(ツ)_/¯

• File sharing between windows7 and mac not working

  hi i have been having an issue with file sharing between my mac and pc. my pc running windows 7 can connect to my two macs running mavericks (mbp and mini) but i cannot connect to the pc from my macs. i have file sharing using smb setup on my macs as well as the workgroup setup. i can see the pc in my finder shared tab but when i enter the username and password it loads like its trying to connect and then says cannot connect or sometimes makes you re enter the password and still nothing. i also tired connecting through finder go tab and connect to server but when i type in my ip it asks to input the user and password but wont accept it it just shakes and deletes the text in the user and pass fields. on my pc i have file sharing enabled and like i said i can access my macs no problem. i will give a quick guide of how i try to connect
  Pc name is RAID-PC
  my admin account name is RAID
  pass is: dapice (not actual)
  ip address 192.168.2.20
  when I click on the raid pc under the shared tab in finder i put as the user RAID and pass dapice ....doesn't work
  under the finder go tab connect to server i put smb://192.168.2.20 then push the + and then connect enter RAID as user and dapice as pass... unsuccessful
  i have tired reinstalling windows 7 didn't help i tired installing windows vista and also didn't work
  i have reinstalled mavericks and that also didnt work
  i have spend HOURS looking for the answer and trying all different this with no success any help will be appreciated

  Information.
  SMB Shares - Mount
  SMB Shares - Mount (2)

• File sharing problem because of file permissions mistake?

  Hi,
  this is my prob:
  Can't connect via personal file sharing from other macs to my G5 (10.4.3).
  Everything is hooked up properly, a G4 and a G3 powerbook exchange data this way without probs in my network.
  The G5 shows up under the network icon, connects, but as soon as I try to click on the now mounted server-icon of the G5 it stalls and at the same time the system preferences pane on the G5 turns off Personal file sharing by itself. Firewall is off anyway BTW.
  Thinking around the prob, I came to the conclusion that file permissions might be the reason and I tried to make a file permission 'first aid' run ...
  but 'first aid' wouldn't do anything but tell me 'can't repair ... no packets found' ... uh?
  Any ideas?
  Thx a million
  Alex
  iMac G5 2GHz   Mac OS X (10.4.3)  

  I'll tell you some, but certainly not all, of the things I have tried.
  1. I connected an iBook directly to the eMac without a hub or router involved. Same result.
  2. I can even network an old 8.6 6500 and I get the the disk icon on the desktop and then I get a disconnect. And the "file sharing" check box is unchecked.
  3. I have gone in to the network using name of computer, IP addresses and all that those other methods. Same result.
  4. I have trashed various permissions and repaired permissions both off the system drive and off of the installer DVD.
  Networking is useful for me but not critical to what I do.
  I have resorted to putting an icon for a folder on my G4 on the desktop of the eMac so that if I need a file my secretary drops it in there, I work or it and then she drags it out and replaces the file on the eMac. Sort of a step above a "sneaker network". I think that the next up-grade might just fix the problem. John