jasonlkennedy
asked on
Need script to Change NTFS permissions to Full - Delete and Copy files - and then change NTFS permissions back to read only
Windows 2003 Active Directoy
This will be done on about 300 computers. All computers login to domain with same ID -> UserA.
Currently UserA is Local\Power Users of the local machine.
This is what I need. A script to:
First - Change the NTFS permissions for Domain\UserA on folder %userprofile%\desktop to Full
Second - delete all files in the %userprofile%\desktop
Third - Copy all files from \\server\share to %userprofile%\desktop
Fourth - Change permission for Domain\UserA on folder %userprofile%\desktop to read only
This is the current config using cacls:
DOMAIN\UserA:F
DOMAIN\UserA:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI
This is a halfass way to keep all the dekstops clean and Icons up to date and syncronized. This must be done using native tools to WindowsXP, probably cacls.exe.
Thanks
Jason
This will be done on about 300 computers. All computers login to domain with same ID -> UserA.
Currently UserA is Local\Power Users of the local machine.
This is what I need. A script to:
First - Change the NTFS permissions for Domain\UserA on folder %userprofile%\desktop to Full
Second - delete all files in the %userprofile%\desktop
Third - Copy all files from \\server\share to %userprofile%\desktop
Fourth - Change permission for Domain\UserA on folder %userprofile%\desktop to read only
This is the current config using cacls:
DOMAIN\UserA:F
DOMAIN\UserA:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI
This is a halfass way to keep all the dekstops clean and Icons up to date and syncronized. This must be done using native tools to WindowsXP, probably cacls.exe.
Thanks
Jason
ASKER
Although this is a good answer, we have tried using this before and some managers didn't like too much during testing.
Thanks for your help.
Jason
Thanks for your help.
Jason
Do you want to use cacls.exe or i can use setacl which gives us lots of option including log file
regards
Chandru
regards
Chandru
ASKER
SetAcl is not native to WindowsXP. Can setacl be ran from a remote location by the script to modify the permissions on the selected computer?
Yes we can run that from a unc location
regards
Chandru
regards
Chandru
ASKER
Then please continue with your solution and thanks for your time.
ASKER
Any more takers?
ASKER
These 1000 computers are spread throughout the hospital. Each unit has thier own printers. Using Mandatory profiles will require all 250 printers to be added to the profile.
Please close this question unresolved with refund.
Thanks for the help guys.
Jason
Please close this question unresolved with refund.
Thanks for the help guys.
Jason
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
http://www.enterprisenetworkingplanet.com/netos/article.php/625291