Problem solve Get help with specific problems with your technologies, process and projects.

How can I remove inherited permissions from one person, not everyone in the folder?

An administrator wants to know why, if he tries to remove inherited permissions from one person, he ends up removing them from everyone in that folder.

I am having a hard time with permissions. If I try to remove inherited permissions from one person, I end up removing...

them from everyone in that folder. Sometimes I have to go directly to the file to assign permissions, other times not.

I thought if you assign permissions to a folder and selected inherit, it should filter down to all the files in that folder. Obviously I'm doing something wrong.

Note: We recently migrated from Novell to Microsoft and now we have eight servers in a Citrix environment.

When assigning NTFS permissions to an object, there are two options available on the "Advanced" tab that might be your source of confusion.

The first option is "Inherit from parents the permission entries that apply to child objects." If this check-box is enabled, the folder you're working on will receive all inherited permissions from further up the directory tree.

So if you're looking at a folder called Folder1 in the path "C: \Home \Folder1", leaving this option checked will allow Folder1 to receive any permissions that were assigned to C:\and C: \Home, as well as any permissions assigned directly to C: \Home \Folder1.

You cannot remove any permissions assigned to Folder1 via inheritance unless you disable this option. If you remove this check-mark, you are effectively turning off inheritance for this folder. When you remove this check-mark, you have the option of Copying existing permissions, or Removing all existing permissions and starting from scratch. If you remove existing permissions, you'll need to manually specify all permissions for this folder since there will be none left from the permissions inherited from C: \ or C: \Home.

The other option is "Replace Permission entries on all child objects with entries shown here." By placing a check-mark here, you're specifying that any folders under Folder1 will inherit any permissions that you assign to Folder1. Inheritance basically starts over from this point.

Dig Deeper on Windows Server storage management