Sunday, July 17, 2016

Quickly changing Windows permissions for a huge directory tree?



I have a huge directory on an NTFS file-system
(i.e. a top-level directory containing tens or hundreds of millions of descendant nodes with the file nodes probably on average about three levels deep) that I need to change permissions for. In particular, I need to give a new user (or group) read-only access to absolutely everything in the directory tree.



The most obvious place to do this is in Windows Explorer by right-clicking the top-level directory and going to the security tab of the directory properties window. However, when trying the obvious things there Windows Explorer seems excited to recursively traverse the whole directory tree and try to modify something or other about the permissions of each node in the tree. This is extremely inefficient for such a large directory!




Can anyone offer any tips for changing permissions without this recursive descent? Do I need to click something particular in the GUI? Do I need to use command-line tools? Could this potentially be the result of a previous sysadmin doing something weird to the permissions in this directory?



I also need to enable network sharing and let the user/group mount the directory over the network. Haven't tried that yet, so I don't know if there will be a similar can of worms when I try to enable sharing.



This is on Windows 2008 Server if it matters.



EDIT: People are right that it probably makes more sense to give permission to a domain group rather than a particular account, so I've made note of this above (That's what I was doing anyway. I don't know why I specifically asked about adding a user in the original question. Sorry for the sloppiness). But of course adding a group to a folder's permissions list isn't any faster than adding a user (None of the existing groups are assigned read-only permissions).


Answer



In this case, there's no need to mess with the NTFS permissions.




Just create a Share to the top-level directory and add the users or groups to the share with Read-Only (or if you want Write) permission.



Even if Everyone has Full Control NTFS permissions on the top-level directory, the most restrictive permission (Share or NTFS) will be used.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...