What are the effective permissions if you share a symlink but not the folder it points to? From what I can see, there are 3 sets of permissions:
1) the target folder permissions
2) the symlink folder permissions
3) the symlink shared permissions
How are these applied and in what order?
Specific example:
Normal folder:
c:\
|-test
|----subtest
|--------nothere
symlink:
mklink /d c:\myshare c:\test
Assigned permissions:
User1 has full access to c:\test
User2 has no access to c:\test
I share the symlink "myshare", with sharing permissions set to "everyone-full access".
So, now there is a \server\myshare . Ideally, I would like:
a) user1 to continue have full access to \server\myshare and all subfolders (this works)
b) user2 to access \server\myshare, see the listing for "subtest", but not being able to access it. (this doesn't work).
Best Answer
Use this command to grant full access
cd %systemroot% takeown /f csc /r /a /d y icacls csc /grant Everyone:(F) /t /l /q then reboot.
vssadmin List Shadows
This will show you a list of your shadow copies (the shadow of the CSC folder will not be locked). Look for and copy the highest numbered original address. Secondly we make a link to the shadow copy:
mklink /D C:\LatestShadow \?\GLOBALROOT\Device\HarddiskVolumeShadowCopy417\
The rightmost part of that should be the original address you copied before Next use robocopy to get all the files out of the cache
mkdir C:\CSC_copy robocopy C:\LatestShadow\Windows\CSC C:\CSC_copy /E /zb /copyall
then took ownership of the files in the C:\CSC_Copy