Justin Durrant

Folder Ownership and Permissions

Ok, here is my problem. I have 100s of personal home dirs for each of our users on a file server. Each user only has access to his or her dir. I need to set up the ownership on all folders and subfolders to the local admins group while preserving the user NTFS permissions (this way they can still access their own dir since they are not part of the local admins group). I have tried SUBINACL and ROBOCOPY, but these overwrite the existing permissions and just give the local admins full control.

Any ideas how I can do this?
Lee W, MVP

You can do this by script using cacls -

For example.  If your users' home dirs are on f:\Home and named after the user name, so that things look like this:

F:\Home\jsmith
F:\Home\jdoe
F:\Home\mthompson
F:\Home\dfinley
etc

Then run this command in a batch file:

for /f "tokens=1" %%a in ('dir /b f:\home') do (
    cacls f:\home\%%a /t /c /g %computername%\administrators:f
    cacls f:\home\%%a /t /e /c /g domain\%%a:f
)

The above will set each user's home directory so that the local admins group and the domain user for which the directory is named will have FULL control over the folder.
Also, don't forget to remove the 'Users' group as they have default read permissions to all folders on Win2k3 file server.
No need.  Default behaviour of CACLS will REPLACE permissions completely.  The /e switch edits them.  Thus it's important to put the admins first or you could lock yourself out.
Justin Durrant (ASKER)

Ok bear with me here I suck at scripting... I created a batch file called cacls.bat with the following:

for /f "tokens=1" %%a in ('dir /b c:\test') do (
    cacls c:\test\%%a /t /c /g %computername%\administrators:f
    cacls c:\test\%%a /t /e /c /g domain\%%a:f
)

I also created one replacing "domain" with our domain name and no luck:

for /f "tokens=1" %%a in ('dir /b c:\test') do (
    cacls c:\test\%%a /t /c /g %computername%\administrators:f
    cacls c:\test\%%a /t /e /c /g americas\%%a:f
)


When I run it against a test dir it just loops:


C:\>(
cacls c:\test\test1 /t /c /g NFDNT015\administrators:f
 cacls c:\test\test1 /t /e /c /g americas\test1:f
)

C:\>for /F "tokens=1" %a in ('dir /b c:\test') do (
cacls c:\test\%a /t /c /g NFDNT015\administrators:f
 cacls c:\test\%a /t /e /c /g americas\%a:f
)

C:\>(
cacls c:\test\test1 /t /c /g NFDNT015\administrators:f
 cacls c:\test\test1 /t /e /c /g americas\test1:f
)

C:\>for /F "tokens=1" %a in ('dir /b c:\test') do (
cacls c:\test\%a /t /c /g NFDNT015\administrators:f
 cacls c:\test\%a /t /e /c /g americas\%a:f
Sorry, small screw up on my part:

First, create a text file with the letter y and a carriage return.  Do this by typing EXACTLY the following at a command line, replacing [key] with pressing the key.

COPY CON C:\Y.TXT[Enter]
Y[Enter]
[F6]

Next, use the following in a script:
for /f "tokens=1" %%a in ('dir /b /ad c:\test') do (
    cacls c:\test\%%a /t /c /g builtin\administrators:f < c:\y.txt
    cacls c:\test\%%a /t /e /c /g americas\%%a:f < c:\y.txt
)
To step through this:

the loop lists all the users in that folder because the folders are named the same as the usernames.
the first CACLS line sets the administrators to full control
the second CACLS line sets the user to full control (this must be second or errors will occur trying to set admins to full).
At the end of each CACLS line, there is a < c:\y.txt - this is there because CACLS will prompt you to confirm you want to do this.  There is no built in switch to turn this prompting off, so we redirect "input" so that the file "y.txt" provides the Y Enter needed.
Still stuck in the loop..

Here is the contents of my y.txt file:

COPY CON C:\Y.TXT
Y

Here is the batch file:

for /f "tokens=1" %%a in ('dir /b /ad c:\test') do (
    cacls c:\test\%%a /t /c /g builtin\administrators:f < c:\y.txt
    cacls c:\test\%%a /t /e /c /g americas\%%a:f < c:\y.txt
)


And the result:


C:\>(
cacls c:\test\test1 /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\test1 /t /e /c /g americas\test1:f  0<c:\y.txt
)

C:\>for /F "tokens=1" %a in ('dir /b /ad c:\test') do (
cacls c:\test\%a /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\%a /t /e /c /g americas\%a:f  0<c:\y.txt
)

C:\>(
cacls c:\test\test1 /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\test1 /t /e /c /g americas\test1:f  0<c:\y.txt
)

C:\>for /F "tokens=1" %a in ('dir /b /ad c:\test') do (
cacls c:\test\%a /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\%a /t /e /c /g americas\%a:f  0<c:\y.txt
)

Never mind.. I see I create the Y text with the copy con command.. so I got the y.txt created, ran the batch file. Still looping:



C:\>(
cacls c:\test\test1 /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\test1 /t /e /c /g americas\test1:f  0<c:\y.txt
)

C:\>for /F "tokens=1" %a in ('dir /b /ad c:\test') do (
cacls c:\test\%a /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\%a /t /e /c /g americas\%a:f  0<c:\y.txt
)

C:\>(
cacls c:\test\test1 /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\test1 /t /e /c /g americas\test1:f  0<c:\y.txt
)

C:\>for /F "tokens=1" %a in ('dir /b /ad c:\test') do (
cacls c:\test\%a /t /c /g builtin\administrators:f  0<c:\y.txt
 cacls c:\test\%a /t /e /c /g americas\%a:f  0<c:\y.txt
)









It's supposed to loop. Do you have an account in the domain called "test1"? Here's what I do:

********Here's the EXACT script I'm using:
rem @echo off
for /f "tokens=1" %%a in ('dir /ad /b c:\temp\scripts\cacls') do (
cacls c:\temp\scripts\cacls\%%a /t /c /g builtin\administrators:f < y.txt
cacls c:\temp\scripts\cacls\%%a /t /e /c /g antiverse\%%a:f
)


********Now, I run the script (test.cmd)
C:\Temp\scripts\cacls>test

********And here's what the Batch file does
C:\Temp\scripts\cacls>rem @echo off

C:\Temp\scripts\cacls>for /F "tokens=1" %a in ('dir /ad /b c:\temp\scripts\cacls
') do (
cacls c:\temp\scripts\cacls\%a /t /c /g builtin\administrators:f  0<y.txt
 cacls c:\temp\scripts\cacls\%a /t /e /c /g antiverse\%a:f
)

C:\Temp\scripts\cacls>(
cacls c:\temp\scripts\cacls\andreab /t /c /g builtin\administrators:f  0<y.txt

 cacls c:\temp\scripts\cacls\andreab /t /e /c /g antiverse\andreab:f
)
Are you sure (Y/N)?processed dir: c:\temp\scripts\cacls\andreab
processed dir: c:\temp\scripts\cacls\andreab

C:\Temp\scripts\cacls>(
cacls c:\temp\scripts\cacls\leew /t /c /g builtin\administrators:f  0<y.txt
 cacls c:\temp\scripts\cacls\leew /t /e /c /g antiverse\leew:f
)
Are you sure (Y/N)?processed dir: c:\temp\scripts\cacls\leew
processed dir: c:\temp\scripts\cacls\leew

********Now I test the results - I check the permissions on the folders.  I do this by using cacls but you can check it with file properties as well.
C:\Temp\scripts\cacls>cacls leew
C:\Temp\scripts\cacls\leew BUILTIN\Administrators:(OI)(CI)F
                           ANTIVERSE\leew:(OI)(CI)F
Ok.. I do not have a domain account called test1. Let me try against an actual folder.

Ok.. this may not work.. Reason being if our domain accounts are not the same as our user folder.

For example, I have a folder called durrantj on the file server yet my domain account is nfdjdurr.

Is there a workaround for this?
You can create a text file with space or tab delimited columns.  For example:

Account Folder
durrantj nfdjdurr
smitha asmith
johnsonv vicjohns

I'll post a script shortly that should handle that.
thx man

rem @echo off
REM Assumes file is in format Account-Folder; Reverse A-B if different.
REM tokens=1,2 reads both columns: %%a = first column, %%b = second column.
for /f "tokens=1,2" %%a in (folderlist.txt) do (
cacls c:\temp\scripts\cacls\%%b /t /c /g builtin\administrators:f < y.txt
cacls c:\temp\scripts\cacls\%%b /t /e /c /g YourDomainName\%%a:f
)

The above should do.

Note - folderlist.txt should have no column headings or footer information.  A pure text file with data only - like this:
----------------
durrantj nfdjdurr
smitha asmith
johnsonv vicjohns
----------------
Funny, this is similar to what I had to do a year and a half ago.  I got a text file in a tab delimited format with a folder name, and UP TO 3 users that should have been granted permissions to the folder.  I had to modify this on a weekly basis for over 100 folders.  It took me a few days of interrupted work, but I got the script working and didn't touch it again.
Cool I will try it.. Please confirm this will set the owner of all folders and subfolders to the local admins group? Also, I assume it also replaces the NTFS permissions on all child objects, correct? If it just changes the durrantj folder and not all the files and folders within it, it is of no use to me.

Thx,

Justin

Sorry, won't change ownership.  Why is this necessary?

WILL change permissions recursively -  The /T option in the CACLS line handles that.
   /T            Changes ACLs of specified files in
                 the current directory and all subdirectories.

If you must change ownership, you can download some utilities that should allow this:
http://gnuwin32.sourceforge.net/packages/fileutils.htm
Specifically the CHOWN command from the above link.
Well some users have setup their folder for them only to have access. Maybe I don't need to change ownership.

I just need to get by the access denied messages when I try and access their home dirs.

Hmmm.... not sure... if they've already locked you out, you may need to use that chown command to change things first.
That's what I was afraid of... dam end users.

Use XcAcls

XcAcls Syntax
XcAcls uses the following syntax:

xcacls FileName [/t] [/e] [/x] [/c] [/g User:Permissions;Spec] [/r User] [/p User:Permissions;Spec [...]] [/d User [...]] [/y] [/?|/h]

Parameters
FileName

Indicates the name of the file or directory to which the access control list (ACL) or access control entry (ACE) is typically applied. All standard wildcard characters can be used.

/t

Recursively walks through the current directory and all of its subdirectories, applying the chosen access rights to the matching files or directories.

/e

Edits the ACL instead of replacing it.

/x

Edits the ACL instead of replacing it; affects only the ACEs that the specified users already own.

/c

Causes XcAcls to continue if an "access denied" error occurs. If /c is omitted, XcAcls stops on this error.

/g User:Permissions;Spec

Grants User access to the matching file or directory. Permissions apply the specified access right to files. Spec can be the same as Permissions and only applies to a directory. In this case, Permissions is used for file inheritance in this directory. Permissions and Spec accept the following values:

R - Read
C - Change (write)
F - Full Control
P - Change Permissions (special access)
O - Take Ownership (special access)
X - Execute (special access)
E - Read (special access)
W - Write (special access)
D - Delete (special access)
T - Used only by Spec. ACE not specified. Sets an ACE for the directory itself without specifying an ACE that is applied to new files created in that directory. At least one access right must follow. Spec entries that precede T (in other words, those between the semicolon and the T) are ignored. (Special value.)
 
Notes

• The access options for files (special file and directory access options for directories) are identical. For detailed explanations of these options, see Permissions for files and folders or Share permissions.
 
• All other options, which can also be set in Windows Explorer, are subsets of all possible combinations of the basic access rights. Therefore, there are no special options for directory access rights, such as LIST or READ.
 
/r User
- Revokes all access rights for the specified user.

/p User:Permissions;Spec
- Replaces access rights for User. Permissions applies the specified access right to files. Spec can be the same as Permissions and only applies to a directory. In this case, Permissions is used for file inheritance in this directory. Permissions and Spec accept the following values:

R - Read
C - Change (write)
F - Full Control
P - Change Permissions (special access)
O - Take Ownership (special access)
X - Execute (special access)
E - Read (special access)
W - Write (special access)
D - Delete (special access)
T - Used only by Spec. ACE not specified. Sets an ACE for the directory itself without specifying an ACE that is applied to new files created in that directory. At least one access right must follow. Spec entries that precede T (in other words, those between the semicolon and the T) are ignored. (Special value.)
 
Notes

• The access options for files (special file and directory access options for directories) are identical. For detailed explanations of these options, see Permissions for files and folders or Share permissions.
 
• All other options, which can also be set in Windows Explorer, are subsets of all possible combinations of the basic access rights. Therefore, there are no special options for directory access rights, such as LIST or READ.
 
/d User
- Denies the specified user access to the file or directory.

/y
- Disables the confirmation when replacing user access rights. By default, XcAcls asks for confirmation. Because of this feature, when XcAcls is used in a batch routine, the routine stops responding until the right answer is entered. Use the /y parameter when you use XcAcls in batch mode.

------------------------------------------------------------------------------------------------------

XcAcls Examples

Example 1: Replace ACLs of All Files and Directories in the Current Directory
You want to replace the existing ACLs of all files and directories in the current directory with Read and Write access for the administrator, suppressing confirmation. Type the following at the command line:

xcacls *.* /g administrator:rw /y

Notice that you are not asked to confirm the change. You see output similar to the following:

processed file:  C:\data\compressed.txt
processed file:  C:\data\deptdata.txt
processed file:  C:\data\dirafter.txt
processed file:  C:\data\temp.txt
processed file:  C:\data\uncompressed.txt
processed file:  C:\data\userdata.txt

You can check to see that the command was executed by typing the following at the command line:

xcacls *.*

You see output similar to the following, confirming that the access rights have been set for the administrator:

C:\data\compressed.txt MYCOMPUTER\Administrator:(special access:)

                                           READ_CONTROL
                                           SYNCHRONIZE
                                           FILE_GENERIC_READ
                                           FILE_GENERIC_WRITE
                                           FILE_GENERIC_EXECUTE
                                           FILE_READ_DATA
                                           FILE_WRITE_DATA
                                           FILE_APPEND_DATA
                                           FILE_READ_EA
                                           FILE_WRITE_EA
                                           FILE_EXECUTE
                                           FILE_READ_ATTRIBUTES
                                           FILE_WRITE_ATTRIBUTES
 

C:\data\deptdata.txt MYCOMPUTER\Administrator:(special access:)

                                         READ_CONTROL
                                         SYNCHRONIZE
                                         FILE_GENERIC_READ
                                         FILE_GENERIC_WRITE
                                         FILE_GENERIC_EXECUTE
                                         FILE_READ_DATA
                                         FILE_WRITE_DATA
                                         FILE_APPEND_DATA
                                         FILE_READ_EA
                                         FILE_WRITE_EA
                                         FILE_EXECUTE
                                         FILE_READ_ATTRIBUTES
                                         FILE_WRITE_ATTRIBUTES
 

C:\data\dirafter.txt MYCOMPUTER\Administrator:(special access:)

                                         READ_CONTROL
                                         SYNCHRONIZE
                                         FILE_GENERIC_READ
                                         FILE_GENERIC_WRITE
                                         FILE_GENERIC_EXECUTE
                                         FILE_READ_DATA
                                         FILE_WRITE_DATA
                                         FILE_APPEND_DATA
                                         FILE_READ_EA
                                         FILE_WRITE_EA
                                         FILE_EXECUTE
                                         FILE_READ_ATTRIBUTES
                                         FILE_WRITE_ATTRIBUTES
 

C:\data\temp.txt MYCOMPUTER\Administrator:(special access:)

                                     READ_CONTROL
                                     SYNCHRONIZE
                                     FILE_GENERIC_READ
                                     FILE_GENERIC_WRITE
                                     FILE_GENERIC_EXECUTE
                                     FILE_READ_DATA
                                     FILE_WRITE_DATA
                                     FILE_APPEND_DATA
                                     FILE_READ_EA
                                     FILE_WRITE_EA
                                     FILE_EXECUTE
                                     FILE_READ_ATTRIBUTES
                                     FILE_WRITE_ATTRIBUTES
 

C:\data\uncompressed.txt MYCOMPUTER\Administrator:(special access:)

                                             READ_CONTROL
                                             SYNCHRONIZE
                                             FILE_GENERIC_READ
                                             FILE_GENERIC_WRITE
                                             FILE_GENERIC_EXECUTE
                                             FILE_READ_DATA
                                             FILE_WRITE_DATA
                                             FILE_APPEND_DATA
                                             FILE_READ_EA
                                             FILE_WRITE_EA
                                             FILE_EXECUTE
                                             FILE_READ_ATTRIBUTES
                                             FILE_WRITE_ATTRIBUTES
 

C:\data\userdata.txt MYCOMPUTER\Administrator:(special access:)

                                         READ_CONTROL
                                         SYNCHRONIZE
                                         FILE_GENERIC_READ
                                         FILE_GENERIC_WRITE
                                         FILE_GENERIC_EXECUTE
                                         FILE_READ_DATA
                                         FILE_WRITE_DATA
                                         FILE_APPEND_DATA
                                         FILE_READ_EA
                                         FILE_WRITE_EA
                                         FILE_EXECUTE
                                         FILE_READ_ATTRIBUTES
                                         FILE_WRITE_ATTRIBUTES

Example 2: Edit the ACLs of the Current Directory

You want to give TestUser Read, Write, Run, and Delete rights on all new files created in this directory, but only Read and Write permissions on the directory itself. Type the following at the command line:

xcacls *.* /g TestUser:rwed;rw /e

You see output similar to the following:

processed file:  C:\test\compressed.txt
processed file:  C:\test\deptdata.txt
processed file:  C:\test\dirafter.txt
processed file:  C:\test\temp.txt
processed file:  C:\test\uncompressed.txt
processed file:  C:\test\userdata.txt
C:\data\compressed.txt Everyone:(special access:)
                                READ_CONTROL
                                SYNCHRONIZE
                                FILE_GENERIC_READ
                                FILE_GENERIC_WRITE
                                FILE_GENERIC_EXECUTE
                                FILE_READ_DATA
                                FILE_WRITE_DATA
                                FILE_APPEND_DATA
                                FILE_READ_EA
                                FILE_WRITE_EA
                                FILE_EXECUTE
                                FILE_READ_ATTRIBUTES
                                FILE_WRITE_ATTRIBUTES

                       MYCOMPUTER\TestUser:C

C:\data\deptdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\dirafter.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\temp.txt Everyone:(special access:)
                          READ_CONTROL
                          SYNCHRONIZE
                          FILE_GENERIC_READ
                          FILE_GENERIC_WRITE
                          FILE_GENERIC_EXECUTE
                          FILE_READ_DATA
                          FILE_WRITE_DATA
                          FILE_APPEND_DATA
                          FILE_READ_EA
                          FILE_WRITE_EA
                          FILE_EXECUTE
                          FILE_READ_ATTRIBUTES
                          FILE_WRITE_ATTRIBUTES

                 MYCOMPUTER\TestUser:C

C:\data\uncompressed.txt Everyone:(special access:)
                                  READ_CONTROL
                                  SYNCHRONIZE
                                  FILE_GENERIC_READ
                                  FILE_GENERIC_WRITE
                                  FILE_GENERIC_EXECUTE
                                  FILE_READ_DATA
                                  FILE_WRITE_DATA
                                  FILE_APPEND_DATA
                                  FILE_READ_EA
                                  FILE_WRITE_EA
                                  FILE_EXECUTE
                                  FILE_READ_ATTRIBUTES
                                  FILE_WRITE_ATTRIBUTES

                         MYCOMPUTER\TestUser:C

C:\data\userdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

The command edited the ACL of a file or a directory, but its effect on a directory was different. The ACE added to the directory is also an inherit ACE for new files created in this directory.

Example 3: Edit Permissions on a Directory Without Creating an Inherit for New Files
You want to grant Read and Write permissions on a directory for TestUser. You do not want to create an inherit entry for new files, but grant only Read access to existing files. Type the following at the command line:

xcacls *.* /g TestUser:r;trw /e

You see output similar to the following:

C:\data\compressed.txt Everyone:(special access:)
                                READ_CONTROL
                                SYNCHRONIZE
                                FILE_GENERIC_READ
                                FILE_GENERIC_WRITE
                                FILE_GENERIC_EXECUTE
                                FILE_READ_DATA
                                FILE_WRITE_DATA
                                FILE_APPEND_DATA
                                FILE_READ_EA
                                FILE_WRITE_EA
                                FILE_EXECUTE
                                FILE_READ_ATTRIBUTES
                                FILE_WRITE_ATTRIBUTES

                       MYCOMPUTER\TestUser:C

C:\data\deptdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\dirafter.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C

C:\data\temp.txt Everyone:(special access:)
                          READ_CONTROL
                          SYNCHRONIZE
                          FILE_GENERIC_READ
                          FILE_GENERIC_WRITE
                          FILE_GENERIC_EXECUTE
                          FILE_READ_DATA
                          FILE_WRITE_DATA
                          FILE_APPEND_DATA
                          FILE_READ_EA
                          FILE_WRITE_EA
                          FILE_EXECUTE
                          FILE_READ_ATTRIBUTES
                          FILE_WRITE_ATTRIBUTES

                 MYCOMPUTER\TestUser:C

C:\data\uncompressed.txt Everyone:(special access:)
                                  READ_CONTROL
                                  SYNCHRONIZE
                                  FILE_GENERIC_READ
                                  FILE_GENERIC_WRITE
                                  FILE_GENERIC_EXECUTE
                                  FILE_READ_DATA
                                  FILE_WRITE_DATA
                                  FILE_APPEND_DATA
                                  FILE_READ_EA
                                  FILE_WRITE_EA
                                  FILE_EXECUTE
                                  FILE_READ_ATTRIBUTES
                                  FILE_WRITE_ATTRIBUTES

                         MYCOMPUTER\TestUser:C

C:\data\userdata.txt Everyone:(special access:)
                              READ_CONTROL
                              SYNCHRONIZE
                              FILE_GENERIC_READ
                              FILE_GENERIC_WRITE
                              FILE_GENERIC_EXECUTE
                              FILE_READ_DATA
                              FILE_WRITE_DATA
                              FILE_APPEND_DATA
                              FILE_READ_EA
                              FILE_WRITE_EA
                              FILE_EXECUTE
                              FILE_READ_ATTRIBUTES
                              FILE_WRITE_ATTRIBUTES

                     MYCOMPUTER\TestUser:C





Thanks Sean..

That is a little advanced for me. :)

Can you tell me the exact command I would run to achieve the results I am looking for?

Remember, I don't want the users to lose permissions to their folders. I just want to make sure the local admins group has full control and ownership of all files and folders under the Users share.

Thx,

Justin
xcacls *.* /t /e /c /g [local admins group]:O /p [local admins group]:F /y

Ok here is what I ran and the error:

C:\>xcacls c:\test\*.* /t /e /c /g administrators:o /p administrators:f /y
ERROR: One or more arguments are not correct.

If I run the ownership and NTFS permissions separate I get this:

C:\>xcacls c:\test\*.* /t /e /c /p administrators:f /y
processed directory: c:\test\test1
processed directory: c:\test\test2
processed directory: c:\test\test3
processed directory: c:\test\test1\*.*
ERROR: The filename, directory name, or volume label syntax is incorrect.


Thanks.
try without the space..

xcacls *.* /t /e /c /gAdministrators:O /pAdministrators:F /y
Nope.....

I guess I just need something that will assign the local admins group as the owner of all objects while keeping the NTFS permissions.
I redid all the permissions manually.. man what a pain. :)
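
An added example, not part of any post in this thread: one way to do what the question asks (Administrators group as owner of every file and folder, existing permissions kept), driven by a mapping file like the folderlist.txt discussed above. It uses takeown and icacls, which the thread does not mention; ROOT, DOMAIN, MAPFILE, DRYRUN, the "folder account" column order and the sample names are assumptions, and the script only prints the commands until DRYRUN is set to 0.

```batch
@echo off
setlocal EnableExtensions
rem Added example, not from the thread. ROOT, DOMAIN, MAPFILE and DRYRUN are
rem assumed names; the folders and accounts below are constructed samples.
set "ROOT=%TEMP%\home-acl-demo"
set "DOMAIN=EXAMPLEDOM"
set "MAPFILE=%ROOT%\folderlist.txt"
rem DRYRUN=1 prints each command instead of running it.
set "DRYRUN=1"

rem Build a scratch tree and a map file: "<folder> <account>" per line,
rem no header. johnsonv has no folder and orphanline has no account, so
rem both are skipped rather than passed to the ACL tools.
if not exist "%ROOT%\durrantj\docs" mkdir "%ROOT%\durrantj\docs"
if not exist "%ROOT%\smitha" mkdir "%ROOT%\smitha"
> "%MAPFILE%" (
    echo durrantj nfdjdurr
    echo smitha asmith
    echo johnsonv vicjohns
    echo orphanline
)

if "%DRYRUN%"=="1" (set "RUN=echo") else (set "RUN=")

for /f "usebackq tokens=1,2" %%a in ("%MAPFILE%") do call :fix "%%a" "%%b"
exit /b 0

:fix
rem %1 = folder name under ROOT, %2 = account name in DOMAIN
set "DIR=%ROOT%\%~1"
if "%~2"=="" (
    echo SKIP malformed line: %~1
    exit /b 1
)
if not exist "%DIR%\" (
    echo SKIP missing folder: %DIR%
    exit /b 1
)
rem 1. Ownership first: the owner can always rewrite the ACL, so this also
rem    works on folders where the user removed the admins. /a gives ownership
rem    to the Administrators group, /r recurses, /d y answers the prompt
rem    takeown raises for folders it cannot list.
%RUN% takeown /f "%DIR%" /a /r /d y
rem 2. icacls /grant adds ACEs and leaves the existing ones in place
rem    (unlike cacls without /e). /t recurses, /c continues on errors.
%RUN% icacls "%DIR%" /grant "builtin\administrators:(OI)(CI)F" /t /c /q
%RUN% icacls "%DIR%" /grant "%DOMAIN%\%~2:(OI)(CI)F" /t /c /q
exit /b 0
```

Before setting DRYRUN to 0 on real data, `icacls <folder> /save <file> /t` records the current ACLs so they can be compared or restored afterwards.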