[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Applying complex NTFS permissions to existing folder structure

Posted on 2008-11-17
7
Medium Priority
?
375 Views
Last Modified: 2013-12-04
Hello Experts,

I'm looking for some advice on applying a complex set of NTFS permissions to an existing set of folders, and was wondering if anyone here could help me out.
We have a Windows 2003 domain with workstations using Windows XP, and the folders are shared from a Windows 2003 Standard server.

We currently have an example of the folder structure with proper permissions created on the server and a batch file that certain users can run to copy those folders from the "template" folder to the "production" folder.  This batch file uses robocopy with the /copyall switch to copy permissions and ownership from the template folder to the production folder and renames the new root folder as the job name.

A while ago something went wrong with this batch file and a bunch of jobs got created with the wrong permissions.  On top of that, the permissions were slightly changed by management so now ALL of the existing jobs in the production folder need to be updated with the new security.  Here is a simplified example of the structure, so you'll know what I mean:

-New Job Template root Folder
   -Group1 folder
      -Subfolders
      -Subfolders
         -More subfolders
      -Subfolders
   -Group2 folder
      -Subfolders
      -Subfolders
         -More subfolders
   -Group3 folder
      -Subfolders
         -More subfolders

So, the Group1 Active Directory group has rights over the group1 folder and all subfolders, Group2 has rights over group2, etc.  Some of them have more rights specified further down, but luckily all of them share the basic folder structure.

So, my main question here is:  Is there any way to take my existing security and ownership on the template folders and apply it to the Jobs that were created incorrectly without overwriting any files?

I really don't want to go through every job and correct the permissions, so I'd love an automatic way of handling this (especially if this ever happens again).

Thanks in advance for any help you can provide.

0
Comment
Question by:sfcanderson
7 Comments
 
LVL 19

Expert Comment

by:MrLonandB
ID: 22976106
Have you set your permissions on the template folder on the security tab, then hit the advanced button and check "Replace persmission entries..."?
0
 
LVL 5

Expert Comment

by:Dawilliams
ID: 22976224
1: Rename the jobs with incorrect permissions
2: Run batch job again
3: Rename new batch job with incorrect name
4: copy files from renamed incorrct folders to new ones with correct settings.
0
 

Author Comment

by:sfcanderson
ID: 22976231
If I use "replace permissions on child objects", won't it override any differing settings on subfolders?

i.e. if the root folder, Group1 folder, and Group1's subfolders all have different permission and I use replace permissions from the root, won't it overwrite the permissions set on the 3rd level subfolder?

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:sfcanderson
ID: 22976301
DaWilliams:  That's definitely better than editing permissions by hand, but will still take a long time with dozens of jobs to recreate/copy.  If no other suggestions come in, I'll fall back on that one.

thanks,
Chris
0
 
LVL 5

Expert Comment

by:Dawilliams
ID: 22976341
If the naming convention is scripted you could do another script to rename and recreate, might save you a little time.
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 2000 total points
ID: 22976998
If I'm understanding your question correctly, you should be able to run robocopy with the /secfix /xo /xn /xc switches.  This will replace security information from the original files without modifying data.  See here for more information:
http://support.microsoft.com/kb/323275
0
 

Author Comment

by:sfcanderson
ID: 22977925
Shift-3:  That did it, thanks!
One thing to note is that the /secfix switch is from an old version of robocopy.  If anyone else needs to do this, the proper syntax is now this:

robocopy /is /e /copy:sou <source> <destination>
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question