Windows 10 NTFS permissions for Azure AD account
I joined Windows 10 to Azure Active Directory and signed in with my Azure AD email address and password.
whoami returns AzureAD<Full Name> and the NTFS permissions of the user profile folder also show the folder owner as AzureAD<Full Name>. The user has a profile folder called Users<Full Name>.
However I am unable to select this user at all in the Select a principal dialog when I want to grant permissions to other folders. What is the correct syntax for Azure AD users?
When using just Azure AD accounts, there are no user accounts at all in in Local Users (unlike a Microsoft Account which is linked to a local user).
windows-10 office365 azure-activedirectory
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
add a comment |
I joined Windows 10 to Azure Active Directory and signed in with my Azure AD email address and password.
whoami returns AzureAD<Full Name> and the NTFS permissions of the user profile folder also show the folder owner as AzureAD<Full Name>. The user has a profile folder called Users<Full Name>.
However I am unable to select this user at all in the Select a principal dialog when I want to grant permissions to other folders. What is the correct syntax for Azure AD users?
When using just Azure AD accounts, there are no user accounts at all in in Local Users (unlike a Microsoft Account which is linked to a local user).
windows-10 office365 azure-activedirectory
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
Related, possibly useful: superuser.com/questions/982336/…
– Ƭᴇcʜιᴇ007
Aug 1 '16 at 17:17
add a comment |
I joined Windows 10 to Azure Active Directory and signed in with my Azure AD email address and password.
whoami returns AzureAD<Full Name> and the NTFS permissions of the user profile folder also show the folder owner as AzureAD<Full Name>. The user has a profile folder called Users<Full Name>.
However I am unable to select this user at all in the Select a principal dialog when I want to grant permissions to other folders. What is the correct syntax for Azure AD users?
When using just Azure AD accounts, there are no user accounts at all in in Local Users (unlike a Microsoft Account which is linked to a local user).
windows-10 office365 azure-activedirectory
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
I joined Windows 10 to Azure Active Directory and signed in with my Azure AD email address and password.
whoami returns AzureAD<Full Name> and the NTFS permissions of the user profile folder also show the folder owner as AzureAD<Full Name>. The user has a profile folder called Users<Full Name>.
However I am unable to select this user at all in the Select a principal dialog when I want to grant permissions to other folders. What is the correct syntax for Azure AD users?
When using just Azure AD accounts, there are no user accounts at all in in Local Users (unlike a Microsoft Account which is linked to a local user).
windows-10 office365 azure-activedirectory
windows-10 office365 azure-activedirectory
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
asked Aug 1 '16 at 16:24
MonstieurMonstieur
301215
301215
Related, possibly useful: superuser.com/questions/982336/…
– Ƭᴇcʜιᴇ007
Aug 1 '16 at 17:17
add a comment |
Related, possibly useful: superuser.com/questions/982336/…
– Ƭᴇcʜιᴇ007
Aug 1 '16 at 17:17
Related, possibly useful: superuser.com/questions/982336/…
– Ƭᴇcʜιᴇ007
Aug 1 '16 at 17:17
Related, possibly useful: superuser.com/questions/982336/…
– Ƭᴇcʜιᴇ007
Aug 1 '16 at 17:17
add a comment |
2 Answers
2
active
oldest
votes
Newer versions show the actual domain name, but the same issue still exists. You can use Powershell to set the permissions.
$dir = get-item -Path 'C:usersjshelbyDesktoptestdir'
$acl = $dir.GetAccessControl('Access')
$username = 'domainusername'
$AccessRights = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,'Modify','ContainerInherit,ObjectInherit','None','Allow')
$Acl.SetAccessRule($AccessRights)
Set-Acl -path $Path -AclObject $Acl
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
add a comment |
You can use this short PowerShell example which is tested on Windows 10, build 1809, which is Azure Active Directory registered. Please modify $path to your local folder, and for $permission you can use any Azure AD user, but username must be in AzureADupn format (example AzureADsmith@company.com)
$path = "C:myfolder"
$permission = "AzureADmyuser@mydomain.com","FullControl","Allow"
(Get-Acl $path).SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule $permission)) | Set-Acl $path
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1107465%2fwindows-10-ntfs-permissions-for-azure-ad-account%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Newer versions show the actual domain name, but the same issue still exists. You can use Powershell to set the permissions.
$dir = get-item -Path 'C:usersjshelbyDesktoptestdir'
$acl = $dir.GetAccessControl('Access')
$username = 'domainusername'
$AccessRights = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,'Modify','ContainerInherit,ObjectInherit','None','Allow')
$Acl.SetAccessRule($AccessRights)
Set-Acl -path $Path -AclObject $Acl
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
add a comment |
Newer versions show the actual domain name, but the same issue still exists. You can use Powershell to set the permissions.
$dir = get-item -Path 'C:usersjshelbyDesktoptestdir'
$acl = $dir.GetAccessControl('Access')
$username = 'domainusername'
$AccessRights = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,'Modify','ContainerInherit,ObjectInherit','None','Allow')
$Acl.SetAccessRule($AccessRights)
Set-Acl -path $Path -AclObject $Acl
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
add a comment |
Newer versions show the actual domain name, but the same issue still exists. You can use Powershell to set the permissions.
$dir = get-item -Path 'C:usersjshelbyDesktoptestdir'
$acl = $dir.GetAccessControl('Access')
$username = 'domainusername'
$AccessRights = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,'Modify','ContainerInherit,ObjectInherit','None','Allow')
$Acl.SetAccessRule($AccessRights)
Set-Acl -path $Path -AclObject $Acl
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
Newer versions show the actual domain name, but the same issue still exists. You can use Powershell to set the permissions.
$dir = get-item -Path 'C:usersjshelbyDesktoptestdir'
$acl = $dir.GetAccessControl('Access')
$username = 'domainusername'
$AccessRights = New-Object System.Security.AccessControl.FileSystemAccessRule($Username,'Modify','ContainerInherit,ObjectInherit','None','Allow')
$Acl.SetAccessRule($AccessRights)
Set-Acl -path $Path -AclObject $Acl
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
answered Jun 10 '18 at 17:07
Jesus ShelbyJesus Shelby
1,163169
1,163169
add a comment |
add a comment |
You can use this short PowerShell example which is tested on Windows 10, build 1809, which is Azure Active Directory registered. Please modify $path to your local folder, and for $permission you can use any Azure AD user, but username must be in AzureADupn format (example AzureADsmith@company.com)
$path = "C:myfolder"
$permission = "AzureADmyuser@mydomain.com","FullControl","Allow"
(Get-Acl $path).SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule $permission)) | Set-Acl $path
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
add a comment |
You can use this short PowerShell example which is tested on Windows 10, build 1809, which is Azure Active Directory registered. Please modify $path to your local folder, and for $permission you can use any Azure AD user, but username must be in AzureADupn format (example AzureADsmith@company.com)
$path = "C:myfolder"
$permission = "AzureADmyuser@mydomain.com","FullControl","Allow"
(Get-Acl $path).SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule $permission)) | Set-Acl $path
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
add a comment |
You can use this short PowerShell example which is tested on Windows 10, build 1809, which is Azure Active Directory registered. Please modify $path to your local folder, and for $permission you can use any Azure AD user, but username must be in AzureADupn format (example AzureADsmith@company.com)
$path = "C:myfolder"
$permission = "AzureADmyuser@mydomain.com","FullControl","Allow"
(Get-Acl $path).SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule $permission)) | Set-Acl $path
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
You can use this short PowerShell example which is tested on Windows 10, build 1809, which is Azure Active Directory registered. Please modify $path to your local folder, and for $permission you can use any Azure AD user, but username must be in AzureADupn format (example AzureADsmith@company.com)
$path = "C:myfolder"
$permission = "AzureADmyuser@mydomain.com","FullControl","Allow"
(Get-Acl $path).SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule $permission)) | Set-Acl $path
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
answered Dec 20 '18 at 16:03
Hrvoje KusuljaHrvoje Kusulja
14617
14617
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1107465%2fwindows-10-ntfs-permissions-for-azure-ad-account%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Related, possibly useful: superuser.com/questions/982336/…
– Ƭᴇcʜιᴇ007
Aug 1 '16 at 17:17