batch script to set user permissions

Posted on 2008-11-13
Last Modified: 2013-12-04
I've modified a batch script I found to set user permissions. The script creates a folder, then assigns permissions as full control to the "domain admins", "Administrators", and the "username", only it still assigns permissions to others also, for example "Everyone". Can someone please tell me why? I need to secure the folder for use only by the domain admins, administrators and "single" user.

Here's the code:

mkdir \\server\data\reports\username
echo y| calcs "\\server\data\reports\username /G" "Domain Admins":F "Administrators":F username:F

I've tried it several different ways but nothing works. It always creates a folder with full access for everybody in the company.

Question by:fselliott
    LVL 82

    Expert Comment

    That's because the command never actually runs, because
    1. the name of the command is cacls.exe, not calcs.exe
    2. you don't have the quotes specified correctly
    Then it's completely unnecessary to add Domain Admins, because Domain Admins are a member of the local Administrators group by default anyway; add local system instead.

    mkdir \\server\data\reports\username
    echo y| cacls.exe "\\server\data\reports\username" /G Administrators:F SYSTEM:F username:F

    Open in new window

    LVL 2

    Accepted Solution

    Have you tried to remove everyone permissions by including it in the command?
    Also, if I remember correctly, even with the calcs command it's going to inherit the permissions of the reports folder.  What is the access set to on that folder?
    LVL 10

    Expert Comment

    As an alternative I would consider using fileacl
    which is an excellent and flexible tool for modifying user ACLs
    LVL 82

    Expert Comment

    if cacls is run without /e (*e*dit the ACL), it will *replace* the current ACL with the specified permissions; that's why the "echo y|" is necessary as well. The problem is the incorrect syntax.

    Author Closing Comment

    Yes, thank you, the problem is in the inherited permissions. But how do I remove them completely? I've re-written to this:

    echo y|calcs.exe /e "\\server\data\reports\username" /R "CREATOR OWNER"

    and it removes permissions, but it still allows it to inherit from parent the special permissions, which allow full access. So it defeats it's purpose.  Please provide guidance. Thanks, Lisa

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    screensaver local gpo/script 12 49
    firewall inside of network 9 54
    Forensic audit of SBS 2008 3 47
    bash script to unzip a file 5 20
    This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now