Solved

cacls batch script needs to run for each file in the folder to change permissions

Posted on 2004-09-23
11
1,925 Views
Last Modified: 2008-02-01
How can I write a script batch program to read all the file names in a directory and change the permissions using the CACLS command?

thanks in advance,

Don
0
Comment
Question by:dprice7
  • 6
  • 5
11 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 12133888
Just use the parent folder name instead:

CACLS C:\MyFolder /T /G Everyone:F
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 125 total points
ID: 12133910
You might also try it the slower way:

CD\MyFolder
for %a in (*.*) do cacls %a /T /G Everyone:F
0
 

Author Comment

by:dprice7
ID: 12156565
sirbounty,

I need to make sure administrator is the owner of all files within this folder before I execute this command for each file

otherwise the permissions don't seem to change.

Can it be done within your loop?

thanks again,


Don
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 12163468
Can you provide a little more detail on your situation and what you're trying to accomplish?
0
 

Author Comment

by:dprice7
ID: 12165602
Please allow me to elaborate a little..

The specific circumstance is I have a folder that is used to store completed documents in for all to read but none to change. First of all the user who creates these documents needs a way to transfer them into this folder.

Once that occurs I need to remove the change permissions from that user and anyone else who was carried over from the originating folder.

Hence the reason for this loop.
g:
cd Quality
CD\MyFolder
for %a in (*.*) do cacls %a /T /G "X\Domain Admins":F "X\Domain Users":R "X\QualityDocCtrl-Admin":R<yes.txt

I also tried to get around the issue of ownership by changin the owner on the top folder manusally and checking the box that says to do the same for subfolders.

This loop does not work in a batch program it errors out saying a problem with a.

suggestions for doing the loop and changing the owner are appreciated,

Does it make more sense now?

Don


0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:dprice7
ID: 12207643
sir bounty,

Does your not responding mean you give up or are just busy right now?

thanks,

Don
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 12209926
Sorry Don - been out of pocket for a while.
Sounds like by your last post, it still isn't resolved?  No need to accept until it is...
Let me see if I can assist further, just in case...

So, UserA creates a document and then needs to copy it into a folder that only users should have Read access to?

I don't think it's necessary to go about it this way.  Let's try this:

Preliminary steps:
a) Set QualityDocCtrl's share permissions to be Everyone/Full Control
b) Set QualityDocCtrl' Security/NTFS permissions to be Domain Users/Read (you will also probably have to set up special permissions (advanced) to allow 'change permissions' permission.

Now, in the process as you'd outlined above, if I understand correctly, this is what needs to occur:
a) UserA creates a QualityDoc
b) UserA should now run the script that resets the permissions to Domain Users\Write access
c) UserA should "Copy" the file to QualityDocCtrl
d) UserA should now run a script that resets the permissions back to Domain Users\Read Only
e) UserA deletes the original file

See, the way NTFS works is if you 'move' a file (which is essentially a copy/delete) - the permissions that were originally on the file when it was in the 'working' folder remain.
Thus, if UserA creates a document in FolderA (obviously he has write access to this folder), and he then moves it to FolderB - the file basically ignores any permission settings on FolderB and retains the original permissions.  The reasoning is the file itself isn't really 'moved'.  The only change that really occurs is NTFS's 'pointer' updates the location in its table where the file is now stored.

However, if UserA takes that same file from FolderA and Copies it to FolderB - well now, it inherits the permissions of FolderB, since it's a 'new' file that 'lives' in that folder.  Then, UserA just needs to delete the file from the original location (presumably, this isn't a problem in your situation).  I assume that it's been set up for a move to occur?

Anyway, hope this helps.  

I may check my email in the morning, but just so you're aware - I'm out of town until Wednesday late evening, so if you post again after tomorrow morning, it may be a while before I can respond.  Good luck!
0
 

Author Comment

by:dprice7
ID: 12212957
sirbounty,

thanks for not giving up on me. :)

I tried to have the owner manually copy different documents into the FolderB from various locations and each one kept their original permissions and owner.

That is why I wanted to let them copy everything to one location regardless of where it came from and then just change anything new in the directory to read only permissions for everyone or in this case change the existing permission on QualityDocCtrl_Admin to R(read) from C(change) .

Since it all needs to end up read only I thought of using the batch cacls to accomplish it.

But the other stumbling block seemed to be it wanted Admin to own the docs before the changes would work in the cacls command.

Don
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 12223255
More specifically Don, I believe it's requiring the 'change permissions' right that I mentioned before.

Can you provide a little more information on this/these NTFS volumes/partitions?
Is this move/copy occuring 'across' NTFS volumes or within the same volume?  That would make a difference, and I may have misguided you with the statement above, re-reading it.
A copy results in a 'new' file being created and it should inherit the destination permissions.
A move is dependent upon the partition condition: if it's on the same partition, the file retains its original permission, but if it's across partitions, it inherits the destination permissions.

Here's a link referencing NTFS special perms: http://www.windowsitlibrary.com/Content/592/2.html
And another referencing move/copy permissions on NTFS: http://www.windowsitlibrary.com/Content/592/2.html#4
Of course, a move or copy to FAT loses all permissions.

I have been meaning to test what you're trying to accomplish, but since I'm out of town, I'm unable to until I return to the office.  I hope that you find this information useful though.
0
 

Author Comment

by:dprice7
ID: 12273297
The volume or partition would be the same in this case.

However, I would prefer not to place that restriction on the process.

We have certain people who author documents but once they are reviewed for correctness they need placed somewhere

for all the see but none to change and I don't want to do it manually only through a script that runs and checks the repository for files and automatically moves them to their new readable directory for all to see.
The original owners and permissions should no longer exist once they enter the new directory the owner should now be the administrator and everyone should be able to read the document.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 12285237
Don, the only other method that I can see to get this working is to have the administrator run the cacls script remotely.
In other words, you'll have to open the share for write permissions every time someone wants to copy a file there (scriptA) and then run another script after it's copied (scriptB)

scriptA
@cacls \\server\share\folder /g everyone:W

scriptB
@cacls \\server\share\folder /d everyone:W

It might be a pain to do so, but without getting into Advanced permissions, I see no other way...
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now