Setting NTFS permissions on mutiple folders by a specific name in a directory tree

Posted on 2009-12-16
Medium Priority
Last Modified: 2012-05-08
How do I set group specific NTFS file.folder permissions by a specific folder name on multiple folders in a directory tree?
Projects---Project 1
                 Project 2

Want to search the tree, find all folders by a specific name and Edit, the existing permissions to Add/Remove specific permissions.
Remove some groups altogether Project
Add some groups - Projects - RO
Edit existing groups - Accounting-ENG
Will XCACLS.vbs do it? If so, how do I perform this by a specific folder name throught a directory tree?

Question by:NetManaged
  • 3
  • 2
LVL 31

Accepted Solution

Henrik Johansson earned 800 total points
ID: 26088504
Using subinacl should solve this. As path, use the base parent path followed by \FolderToChange. For example, the syntax below will give administrators full access to all Contracts folder below C:\Projects and remove the permissions earlier given to grouptoremove. You can add multiple /grant and /remove at the same time when neaded.

subinacl /subdirectories C:\Projects\Contracts /grant=administrators=F /revoke=grouptoremove

use 'subinacl /? /grant' for help on setting permissions.


Author Comment

ID: 26089277
Close to what I need but not quite. I should have provided more detail.
I need more of a find all directories with a specifc name in a multilevel tree and Edit:Grant,Replace,Revoke and then make permission changes for that folder either at that level only OR for all files/folders contained in that folder.
The folder Projects has 300+ uniquely named Customer folders, with a second level of uniquely named project folders with then a standard folder structure under each project.
I need a solution to start at a specific folder level, then search for a specific folder name and then make permission changes for that folder and if needed all files and subfolders.
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26091196
With subinacl, it will search for subfolders below the structure.
Using C:\Projecs\Contracts as in sample, it will search for any Contracts folder below C:\Projects independent of having any subfolder between the parent folder like C:\Projects\Project1\Contracts.
As object name parameter for subinacl, use parent folder followed by folder or file to process like C:\Path\To\Projects\Contracts or C:\Paht\To\Projects\*.doc
The action parameters /grant and /revoke can be entered multiple times at the same time. It can also use /replace to replace a group with another group (/replace=oldgroup=newgroup) or /deny to set deny permissions.

subinacl /subdirectories C:\Projects\Contracts /grant=GroupFull=F /grant=GroupChange=C /revoke=RemoveGroup1 /revoke=RemoveGroup2 /replace=OldGroup=NewGroup

If a group shall be set to readonly that has already been granted write permission, first execute the command to revoke all permissions for the group and after that execute the command to grant read permission.
You can also use /deny as action parameter to deny a group the write permission. Just keep in mind that a deny permission always override allow if there's a conflict.

Author Comment

ID: 26104640
henjoh09, Does subinacl have the same explicit folder/file permissions ability as xcacls.vbs? I reviewed some documentation, but I couldn't see more granular control as is in xcacls.vbs.
Does xcacls.vbs have the same "find the directory" capability?

Author Comment

ID: 27620928
           I'm willing to provide 100 points to henjoh09. His answer was part of the solution, but there was no followup with my question regarding another Microsoft tool purported to perform similar functions.
My apologies for being so tardy in resolving the open question.
I'm selecting Object in order to provide the points to henjoh09.
Thank you for your attention.
Regards, Greg

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question