Hi,
I'm trying to add a new admin AD group to a couple of our isilon shares in order to try to get a better control of the shares. Right now one of our shares is a bit of a mess where there is no single administrative group that has full access to everything, while it hasn't been much of an issue this is not by design and I'd like to change it in order to make it easier to delegate admin access to a new sys admins team.
Would the best approach here be to take ownership of the share via CLI and then use icacls to give full access to the new admin group?
Second share is a bit different in that the AD domain admins group has full access to it but we don't want to give domain admins rights to the new sys admins team while we do want them to have full admin access to the share.
In the case of the second share I tried to use icacls via the following command:
icacls "\\isilon\share2\*" /grant DOMAIN\SysAdmins:(OI)(CI)(F) /T
What happens is all the subfolders under share2 get proper permissions propagated but once you drill down deeper into say \\isilon\share2\subfolder1\ all folders underneath don't get new permissions added. Running the same icacls command one level down so:
icacls "\\isilon\share2\subfolder1\*" /grant DOMAIN\SysAdmins:(OI)(CI)(F) /T
works and everything propagates correctly all the way down to all of its sub folders and files.
Additionally back up at \\isilon\share2\ not all sub folders are experiencing this issue so something like \\isilon\share2\subfolder2\ gets everything propagated correctly to all of its sub folders and files.
Appreciate any suggestions.
Thanks,
Eugene