To manage the NTFS Permissions, the currently logged on user or the User Credentials specified must be an:
By default, NTFS Security Manager uses the currently logged on user context to connect to a domain/server. If NTFS Security Manager determines, that the currently logged on user does not have sufficient permissions on the specified server, an ‘Enter Network Password’ dialog appears allowing the user to enter the User Credentials to connect to the server. The NTFS Security Manager then establishes a session with the destination domain/server, using the user credentials specified.
If ‘Use Active Directory Services’ is selected as Computer Enumeration option, then you can specify alternate domain credential (having domain administrator privileges) for managing all computers in each domain. In this case, NTFS Security Manager establishes a session with the destination domain/server of the specified domain, using the specified user credential.
To read data from a Windows Server on the network, the currently logged on user or the User Credentials specified must:
“Enable NetBIOS over TCP/IP” option is enabled under the “Advanced” button in WINS tab of the TCP/IP property sheet.
When modifying the NTFS permissions of the share / while reading the NTFS permissions of the share, you can get the above stated message. The following may be one of the reasons for such a scenario:
When the Computer Enumeration option is set to ‘Use Active Directory Services’, NTFS Security Manager queries Active Directory for enumerating servers present in a domain. During this process, NTFS Security Manager tries to connect to the Active Directory Server (Domain Controller) of the specified domain internally. If NTFS Security Manager is unable to find the domain controller for the selected domain, it will display the stated message. The following may be one of the reasons for such scenario:
When the Computer Enumeration option is set to ‘Use Active Directory Services’, NTFS Security Manager queries Active Directory for enumerating domains present in a forest. During this process, NTFS Security Manager tries to connect to the Active Directory Server (Domain Controller) of the specified forest internally. If NTFS Security Manager is unable to find the domain controller for the selected forest, it will display the above stated message. The following may be one of the reasons for such a scenario:The domain controller for the forest that you have selected might have been switched off.
The computer where NTFS Security Manager is installed is unable to resolve the specified DNS name of the forest.
The Grant Permissions tool makes changes to permissions in the following order:
The Revoke and the Modify tools do not break the inheritance. This is the default behavior. They make changes to only the explicit permissions. If you notice the old permissions, it could be because of inherited permissions from the parent. If you need to have these removed, you may use the Grant or the Modifier tool to block inheritance from the Parent.
The Copy permissions option will remove the inherited permissions from the parent object and copy the inherited permissions as explicit permissions.
The Remove permissions option will remove the inherited permissions from the parent object. After applying this option only the existing explicit permissions remain.
Here are some important points to consider while managing permissions:
NTFS Security Manager can be used to change NTFS permissions across Shares, Folders and Files. You have to absolutely ensure that only responsible persons within your organization use this software. The users using this software must have sufficient knowledge about tinkering with NTFS permissions on your file servers and workstations. The software must be used carefully and the end user must know what he is intending to accomplish using the features of the tool.
CAUTION: Wrong or inadvertent use of the software Wrong or inadvertent use of the software will compromise the security of your file system and may make the shares and folders either inaccessible or open them up for unauthorized access.
For Win7 and Windows 2008 R2, blocking inheritance on descendent objects of a remote share and when no explicit permissions have been granted for the account using the application on the descendent objects, would make the descendent objects root share. If you wish to view these folders, then login to the remote computer and allow inherited permissions from the share to the descendent objects or assign explicit permissions on the descendent objects for the application account.
NO. The software is designed to not take ownership of folders and files. The owner of the object will continue to retain their ownership with all the existing owner permissions after the permission changes are effected using the software. So, no matter what changes are made to permissions using the application, the existing owner permissions are retained on the shared folders.
Unable to remove the Account or selected ACL entry: You may get this error message when the selected account has other inherited permissions from the parent object or the selected account is an invalid account.
Unable to add an account: You may get this error message when the application is unable to resolve the account SID. This may happen if the selected account is an “Unknown account” or if the account is from another domain.
To run the Apply or Revoke CAP task, the currently logged on user account should satisfy the following conditions:
This may happen if any one of the following conditions is true: