Applying complex NTFS permissions to existing folder structure

Hello Experts,

I'm looking for some advice on applying a complex set of NTFS permissions to an existing set of folders, and was wondering if anyone here could help me out.
We have a Windows 2003 domain with workstations using Windows XP, and the folders are shared from a Windows 2003 Standard server.

We currently have an example of the folder structure with proper permissions created on the server and a batch file that certain users can run to copy those folders from the "template" folder to the "production" folder.  This batch file uses robocopy with the /copyall switch to copy permissions and ownership from the template folder to the production folder and renames the new root folder as the job name.

A while ago something went wrong with this batch file and a bunch of jobs got created with the wrong permissions.  On top of that, the permissions were slightly changed by management so now ALL of the existing jobs in the production folder need to be updated with the new security.  Here is a simplified example of the structure, so you'll know what I mean:

-New Job Template root Folder
   -Group1 folder
      -Subfolders
      -Subfolders
         -More subfolders
      -Subfolders
   -Group2 folder
      -Subfolders
      -Subfolders
         -More subfolders
   -Group3 folder
      -Subfolders
         -More subfolders

So, the Group1 Active Directory group has rights over the group1 folder and all subfolders, Group2 has rights over group2, etc.  Some of them have more rights specified further down, but luckily all of them share the basic folder structure.

So, my main question here is:  Is there any way to take my existing security and ownership on the template folders and apply it to the Jobs that were created incorrectly without overwriting any files?

I really don't want to go through every job and correct the permissions, so I'd love an automatic way of handling this (especially if this ever happens again).

Thanks in advance for any help you can provide.

sfcandersonAsked:
Who is Participating?
 
Shift-3Connect With a Mentor Commented:
If I'm understanding your question correctly, you should be able to run robocopy with the /secfix /xo /xn /xc switches.  This will replace security information from the original files without modifying data.  See here for more information:
http://support.microsoft.com/kb/323275
0
 
MrLonandBCommented:
Have you set your permissions on the template folder on the security tab, then hit the advanced button and check "Replace persmission entries..."?
0
 
DawilliamsCommented:
1: Rename the jobs with incorrect permissions
2: Run batch job again
3: Rename new batch job with incorrect name
4: copy files from renamed incorrct folders to new ones with correct settings.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
sfcandersonAuthor Commented:
If I use "replace permissions on child objects", won't it override any differing settings on subfolders?

i.e. if the root folder, Group1 folder, and Group1's subfolders all have different permission and I use replace permissions from the root, won't it overwrite the permissions set on the 3rd level subfolder?

0
 
sfcandersonAuthor Commented:
DaWilliams:  That's definitely better than editing permissions by hand, but will still take a long time with dozens of jobs to recreate/copy.  If no other suggestions come in, I'll fall back on that one.

thanks,
Chris
0
 
DawilliamsCommented:
If the naming convention is scripted you could do another script to rename and recreate, might save you a little time.
0
 
sfcandersonAuthor Commented:
Shift-3:  That did it, thanks!
One thing to note is that the /secfix switch is from an old version of robocopy.  If anyone else needs to do this, the proper syntax is now this:

robocopy /is /e /copy:sou <source> <destination>
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.