• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 392
  • Last Modified:

W2K3 Permissions

I have a Users folder that contains about 1200 user shares.  After going through the permissions on each user share I am finding inconsistencies.  Most users have Modify permissions to their folders, while other have Full control.  I want to be able to do a clean sweap through all folders setting the permissions for each user to their folder to Modify.  How can I perform such a task?

  • 5
  • 5
  • 2
1 Solution
You can easily script this by using cacls or xcacls
With these tools, you can set file and directory permissions from the commandline and/or batch scripts.

mchristo63Author Commented:
Even if each folder has a permissions to a specific user?  

Also.... to all those that admin user shares .... what do you set your users permissions to?  Modify -or- Full ?
the consept for the script should be :
for each user in AD, goto folder and change ACL.
this way you don't need to export users list.
in microsoft script center there is alot of scripts that if you combaine them
you will get what you need.

i will try to compose one for you ....
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

mchristo63Author Commented:
Great, thanks....

Full or Modify permissions for User folders?  I just want to get an opinion of what everyone is doing.
simplest is to create a batchfile with 1 scriptline for each directory. If you're comfortable working with Excel, you can quickly create such a batchfile with some copy/paste "tricks"

From a security and manageability point of view, modify would be best (since you avoid users messing things up) but I have seen some weird application problems, where it turned out that the application required the user to have full control to their home directory.
mchristo63Author Commented:
by the way, i asume that the folder name is like the user name... right ?
mchristo63Author Commented:
here the script :
copy the code between  the stars to txt file and name it like :"permission.VBS"
you need to download the file XCACLS.EXE from microsoft site and place him id
root folder c:\
you need to edit your domain LDAP name, you can see the exact name with ADSI EDIT
(you can find it in microsoft site too)
hope it will be useful for you....    
good luck.

' ***** Global variables
 Dim oContainer
 Dim OutPutFile
 Dim FileSystem
 Dim objshell

 '**** Initialize global variables
 Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
 Set OutPutFile = FileSystem.CreateTextFile("marketing.txt", True)

 '******  here you need to place your domain LDAP name
 '******  you can see the LDAP in adsi edit utility.

 Set oContainer=GetObject("LDAP://CN=Users,DC=skynet,DC=pof")
 Set objShell = CreateObject("Wscript.Shell")

 '***** Enumerate Container
 EnumerateUsers oContainer

 '***** Clean up
 Set FileSystem = Nothing
 Set oContainer = Nothing
 WScript.Echo "Finished"

 Sub EnumerateUsers(oCont)
 Dim oUser
 Dim fname
 For Each oUser In oCont
 If LCase(oUser.Class)="user" then
   if Not IsEmpty(oUser.distinguishedName) Then
 OutPutFile.WriteLine "dn: " & fname
 '******* you need to place XCACLS.EXE in drive C:
 '******* you can find it in the internet for free.
 '******* you need to set the PATH to folders where C:\folderpath\ ***

 objShell.Run("c:\xcacls C:\folderpath\" & fname & " /C /E /T /G " & fname & ":C")

 End If
 End If
 End Sub

mchristo63Author Commented:
thanks, i'll try it out.
tell me if you have any problem, i wiil try to help you...

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 5
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now