• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 499
  • Last Modified:

A Script or Batch File to Set Folder Permissions

I need to know if there are scripts available for Windows Server 2003, that upon execution will set folder permissions specific to user groups in AD. I need it to change permissions on several sub-folders as well. It would'nt need to be all that advanced, as the the Root Folder is the only unique folder name, all of the sub-folders are the same name's, for each Root Folder.

For example, my tree would like something like:

Property_Name
-Accounting
    -Accounting Correspondence
             -2001
             -2002
             -2003

-Asset Management
    -Investor Relations

Effectively I need to give the Accounting Group, certain permissions per sub-folder, etc. and so on, per Department.

If anyone can steer me to a script that I could modify to accomplish this basic functionality it would be awesome.  I imagine I probably have some learning to do as well. As always thanks EE community!


0
waltb123
Asked:
waltb123
  • 3
  • 2
  • 2
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You don't need a script to accomplish this... it's basically a built in funcitonality of NTFS Permissions.  I've found that this article explains fairly well how to use NTFS permissions:
http://www.microsoft.com/technet/technetmag/issues/2005/11/HowITWorksNTFS/default.aspx

Jeff
TechSoEasy
0
 
waltb123Author Commented:
Ok, I'm feeling kind of dumb because after reading the article I dont see how the built in functionality helps me assign different access rights to certrain groups, in certain sub-folders of folders.

For example the Accounting department should have read access only, to the first 3 folders of the tier, but then have 'write' access once in the lower level folders, so they can create folders themselves...
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Well, generally properties are allocated at the "next-level"   So if you want "write'access from the lower level down, you need to specify in the "Accounting Correspondence"'s security to allow write access for "subfolders and files only".

Jeff
TechSoEasy
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
Darwinian999Commented:
Personally I'm a fan of using scripts to set permissions. The scripts document the folder security configuration and they make it easy to reapply the permissions or to set the same permissions on a new server.

The command you need to use in a script to set folder permissions is CACLS. You can get help on the CACLS syntax by typing CACLS /?

To give your Accounting group Read permission to the Accounting folder and everything below it, without changing the other permissions on the folder, you could use the CACLS command in a script like this:

CACLS Property_Name\Accounting /E /T /C /G Accounting:R
0
 
waltb123Author Commented:
I understand perms/inheritance. My problem is I have about 150 sets of folders, all with the same underlying structure, but with varying levels of permissions dependant upon how deep in the tier a user is. Thats a lot of work to do manually! I also have to create a new folder structure each time we add a new property to our business, so it would be nice to have a script to do all my legwork for me.

I think Darwinian hit the nail on the head. I'm assuming I can place those CACLS commands in a batch file and will work with assigning group permissons, not just users?

Do you have any good resource websites about using CACLS in greater detail/examples?
0
 
Darwinian999Commented:
There are lots of web sites with CACLS examples (do a Google search on "CACLS example"), but none that I've found that provide comprehensive examples. That's probably because the use of CACLS is pretty straight forward.

CACLS can apply permissions to files and folders for local users, local groups, domain users, domain groups, and inbuilt users & groups.
0
 
waltb123Author Commented:
I've been playing around with it since my last post and it is pretty straight forward. Thanks again for your assistance!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now