Questions on "Replace all child object permissions with inheritable permissions from this object:Replace all child object permissions with inheritable permissions from this object"

Takami Chiro 66 Reputation points
2022-09-07T17:47:02.927+00:00

Hi everyone, hope you all doing well. I have one scenario and hope you can help.

I have a window 2022 file server. There is one root folder called DEPT. User1 assigned with read/write permissions. And the permissions are propagate to all the sub-folders in the DEPT folder. Each sub-folders also have other explicit permissions assigned to other users.

Now I want to remove User1 from the root DEPT folder and all subfolders in it while I want to keep all other the explicit permissions in the subfolders.

I go to DEPT, advanced security, and hit "Change permissions". There is a box called "Replace all child object permissions with inheritable permissions from this object".

My question are

1.) should I check this box in order to keep all other explicit permission in the subfolders while I can remove USER1 from them?
2.) If I check the box, will the original explicit permissions in the subfolder be totally wiped out and be replaced with those persmissions in the root DEPT folder?

Thank you for your help.

Takami Chiro

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,261 questions
0 comments No comments
{count} votes

6 additional answers

Sort by: Most helpful
  1. Takami Chiro 66 Reputation points
    2022-09-07T19:42:44.247+00:00

    Ok. I will try. Hope it will remove the user not just in that root folder but also the rest of the subfolders. Thank you very much for all your response!

    Takami Chiro


  2. David Sain 0 Reputation points
    2023-05-09T18:44:24.8833333+00:00

    Individual users should never be assigned to folders in the first place, the only exception being their User folder. Best practice is to assign permissions via groups. This is because it can be very time-consuming to find all folders with explicit user permissions assigned.

    I would remove User1 from the said group that would have been created and you don't have to play with permissions of the share on the server every time a user changes (fired, quits, replaced, new position, etc.).

    0 comments No comments