Hi,

the NTFS permissions are the ones taking place, hence the default and best practice is to have the local administrators group set on all folder - and not a domain based group. There's a few ways to workaround this.

1) use the backup operator functionality to take files out with tools that know tu utilize it (such robocopy).

2) user-mapping, from your existing user to pretend to be another.

3) take ownership on the files, and add the required security group (painful, there's some scripts that can help - but they far from perfect).

Dear Gidon,

  TQVM for your reply. how to make the local administrator reflect all folders & subfolders ? because I tried to add a user in NetApp OnCommand System Manager and it's not reflected for all folders & subfolders. for example, if i add username "ahmed" in NetApp OnCommand System Manager when i go to my computer and check the share folder security permission not found "ahmed" in my folders & subfolders.

Hi,

The added permission in system manager is for the share level, the file system permission (NTFS) is separate, and need to be changed from a windows client. There's some messy ways to change it via a GPO or scripts and let the filer propagate it down - but I'd not recommend going to that route.

Hello Ahmed,

Please follow this kb for instructions:

How to modify permissions on files and folders in clustered Data ONTAP when there is no permission to take ownership 

Note: This process is not the recommended method for NTFS ACL management. It is recommended to use the Windows 'Security' tab whenever possible. This process should be used when NTFS ACL management is not available via Windows.