Applying complex NTFS permissions to existing folder structure
Hello Experts,
I'm looking for some advice on applying a complex set of NTFS permissions to an existing set of folders, and was wondering if anyone here could help me out.
We have a Windows 2003 domain with workstations using Windows XP, and the folders are shared from a Windows 2003 Standard server.
We currently have an example of the folder structure with proper permissions created on the server and a batch file that certain users can run to copy those folders from the "template" folder to the "production" folder. This batch file uses robocopy with the /copyall switch to copy permissions and ownership from the template folder to the production folder and renames the new root folder as the job name.
A while ago something went wrong with this batch file and a bunch of jobs got created with the wrong permissions. On top of that, the permissions were slightly changed by management so now ALL of the existing jobs in the production folder need to be updated with the new security. Here is a simplified example of the structure, so you'll know what I mean:
-New Job Template root Folder
-Group1 folder
-Subfolders
-Subfolders
-More subfolders
-Subfolders
-Group2 folder
-Subfolders
-Subfolders
-More subfolders
-Group3 folder
-Subfolders
-More subfolders
So, the Group1 Active Directory group has rights over the group1 folder and all subfolders, Group2 has rights over group2, etc. Some of them have more rights specified further down, but luckily all of them share the basic folder structure.
So, my main question here is: Is there any way to take my existing security and ownership on the template folders and apply it to the Jobs that were created incorrectly without overwriting any files?
I really don't want to go through every job and correct the permissions, so I'd love an automatic way of handling this (especially if this ever happens again).
Thanks in advance for any help you can provide.
I'm looking for some advice on applying a complex set of NTFS permissions to an existing set of folders, and was wondering if anyone here could help me out.
We have a Windows 2003 domain with workstations using Windows XP, and the folders are shared from a Windows 2003 Standard server.
We currently have an example of the folder structure with proper permissions created on the server and a batch file that certain users can run to copy those folders from the "template" folder to the "production" folder. This batch file uses robocopy with the /copyall switch to copy permissions and ownership from the template folder to the production folder and renames the new root folder as the job name.
A while ago something went wrong with this batch file and a bunch of jobs got created with the wrong permissions. On top of that, the permissions were slightly changed by management so now ALL of the existing jobs in the production folder need to be updated with the new security. Here is a simplified example of the structure, so you'll know what I mean:
-New Job Template root Folder
-Group1 folder
-Subfolders
-Subfolders
-More subfolders
-Subfolders
-Group2 folder
-Subfolders
-Subfolders
-More subfolders
-Group3 folder
-Subfolders
-More subfolders
So, the Group1 Active Directory group has rights over the group1 folder and all subfolders, Group2 has rights over group2, etc. Some of them have more rights specified further down, but luckily all of them share the basic folder structure.
So, my main question here is: Is there any way to take my existing security and ownership on the template folders and apply it to the Jobs that were created incorrectly without overwriting any files?
I really don't want to go through every job and correct the permissions, so I'd love an automatic way of handling this (especially if this ever happens again).
Thanks in advance for any help you can provide.
Have you set your permissions on the template folder on the security tab, then hit the advanced button and check "Replace persmission entries..."?
1: Rename the jobs with incorrect permissions
2: Run batch job again
3: Rename new batch job with incorrect name
4: copy files from renamed incorrct folders to new ones with correct settings.
2: Run batch job again
3: Rename new batch job with incorrect name
4: copy files from renamed incorrct folders to new ones with correct settings.
ASKER
If I use "replace permissions on child objects", won't it override any differing settings on subfolders?
i.e. if the root folder, Group1 folder, and Group1's subfolders all have different permission and I use replace permissions from the root, won't it overwrite the permissions set on the 3rd level subfolder?
i.e. if the root folder, Group1 folder, and Group1's subfolders all have different permission and I use replace permissions from the root, won't it overwrite the permissions set on the 3rd level subfolder?
ASKER
DaWilliams: That's definitely better than editing permissions by hand, but will still take a long time with dozens of jobs to recreate/copy. If no other suggestions come in, I'll fall back on that one.
thanks,
Chris
thanks,
Chris
If the naming convention is scripted you could do another script to rename and recreate, might save you a little time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Shift-3: That did it, thanks!
One thing to note is that the /secfix switch is from an old version of robocopy. If anyone else needs to do this, the proper syntax is now this:
robocopy /is /e /copy:sou <source> <destination>
One thing to note is that the /secfix switch is from an old version of robocopy. If anyone else needs to do this, the proper syntax is now this:
robocopy /is /e /copy:sou <source> <destination>