Applying complex NTFS permissions to existing folder structure

Hello Experts,

I'm looking for some advice on applying a complex set of NTFS permissions to an existing set of folders, and was wondering if anyone here could help me out.
We have a Windows 2003 domain with workstations using Windows XP, and the folders are shared from a Windows 2003 Standard server.

We currently have an example of the folder structure with proper permissions created on the server and a batch file that certain users can run to copy those folders from the "template" folder to the "production" folder.  This batch file uses robocopy with the /copyall switch to copy permissions and ownership from the template folder to the production folder and renames the new root folder as the job name.

A while ago something went wrong with this batch file and a bunch of jobs got created with the wrong permissions.  On top of that, the permissions were slightly changed by management so now ALL of the existing jobs in the production folder need to be updated with the new security.  Here is a simplified example of the structure, so you'll know what I mean:

-New Job Template root Folder
   -Group1 folder
      -Subfolders
      -Subfolders
         -More subfolders
      -Subfolders
   -Group2 folder
      -Subfolders
      -Subfolders
         -More subfolders
   -Group3 folder
      -Subfolders
         -More subfolders

So, the Group1 Active Directory group has rights over the group1 folder and all subfolders, Group2 has rights over group2, etc.  Some of them have more rights specified further down, but luckily all of them share the basic folder structure.

So, my main question here is:  Is there any way to take my existing security and ownership on the template folders and apply it to the Jobs that were created incorrectly without overwriting any files?

I really don't want to go through every job and correct the permissions, so I'd love an automatic way of handling this (especially if this ever happens again).

Thanks in advance for any help you can provide.

sfcandersonAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MrLonandBCommented:
Have you set your permissions on the template folder on the security tab, then hit the advanced button and check "Replace persmission entries..."?
0
DawilliamsCommented:
1: Rename the jobs with incorrect permissions
2: Run batch job again
3: Rename new batch job with incorrect name
4: copy files from renamed incorrct folders to new ones with correct settings.
0
sfcandersonAuthor Commented:
If I use "replace permissions on child objects", won't it override any differing settings on subfolders?

i.e. if the root folder, Group1 folder, and Group1's subfolders all have different permission and I use replace permissions from the root, won't it overwrite the permissions set on the 3rd level subfolder?

0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

sfcandersonAuthor Commented:
DaWilliams:  That's definitely better than editing permissions by hand, but will still take a long time with dozens of jobs to recreate/copy.  If no other suggestions come in, I'll fall back on that one.

thanks,
Chris
0
DawilliamsCommented:
If the naming convention is scripted you could do another script to rename and recreate, might save you a little time.
0
Shift-3Commented:
If I'm understanding your question correctly, you should be able to run robocopy with the /secfix /xo /xn /xc switches.  This will replace security information from the original files without modifying data.  See here for more information:
http://support.microsoft.com/kb/323275
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sfcandersonAuthor Commented:
Shift-3:  That did it, thanks!
One thing to note is that the /secfix switch is from an old version of robocopy.  If anyone else needs to do this, the proper syntax is now this:

robocopy /is /e /copy:sou <source> <destination>
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.