Solved

Is there a way to create folders and security permissions in bulk?

Posted on 2010-09-01
11
745 Views
Last Modified: 2012-06-27
My HR department is coming to me saying that they are going to go to all electronic documents for their personnel records.  Unfortunately, this means creating a folder for each one of our employees (hundreds).  Even worse, they want certain folders within each personnel folder to have different permissions.  (This is because medical records can only be accessed by certain people, but simple employment status can be accessed by anyone.)  So what I'm asking is:  Is there any way to automate this process, either through a script or a program?

FYI:  The folders might look something like this:
John Smith
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
Jane Doe
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
So the folders and permissions levels would be the same under each personnel file.  I just don't want to have to create all these by hand.
0
Comment
Question by:silver1386
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 4

Accepted Solution

by:
MONSTA2008 earned 125 total points
ID: 33579477
The Microsoft Technet Scripting Repository is one of the best tools you can keep in your arsenal for things like this.  You can access the home for this here:  http://gallery.technet.microsoft.com/ScriptCenter/en-us

This script, for example, will create an entire folder structure based on a .csv file and set permissions for you.

http://gallery.technet.microsoft.com/ScriptCenter/en-us/1648b0cb-129b-45df-964f-f160a6481767

In many cases you can find one script to do one feature and another to do something different and then look to combine the two.  I would obviously test these out in a development or sandbox environment first to make sure they do what you want.
0
 
LVL 11

Expert Comment

by:gikkel
ID: 33579497
This is a typical task with windows server, and very easily setup with group policy.  How are you setting up your shares?  How will they be accessed? What OS are you using?
0
 

Author Comment

by:silver1386
ID: 33579727
@qikkel
The shares are just shared folders on a file server.
They are accessed through Windows Explorer.
The server's OS is Server 2008 R2.  The client machines are Windows 7 64-bit.
0
 
LVL 10

Expert Comment

by:Fayaz
ID: 33579865
Suggest Document Management Solutions:
I am adding two open source softwares link here:
http://sourceforge.net/projects/logicaldoc/
http://www.epiware.com/products_epiware.php
0
 

Author Comment

by:silver1386
ID: 33579869
@MONSTA2008
The second link that you listed showed a Visual Basic script.  I know absolutely nothing about PowerShell, but would PowerShell make this any easier?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 4

Expert Comment

by:MONSTA2008
ID: 33581442
You could absolutely do the same with PowerShell.  This fellow has a script that comes pretty close to what you're looking to do.  It may require a bit of minor tweaking but the concepts are the same as in VBScript (appending your variables as needed, etc.).

http://www.powershell.nu/2009/02/13/set-folder-permissions-using-a-powershell-script/
0
 
LVL 11

Expert Comment

by:gikkel
ID: 33581998
Ah, I see your dilemma.  I was thinking more along the lines of folder redirection.  Although, you could do this easily with excel and command prompt.  Create new security groups for each level and add them to the appropriate users.  Create a folder for your new folders and give access to appropriate users.  Hide the share by using $ after the folder name.
Create an excel file with all user names.   Use mkdir drive:path\<point to cell with employee name>\lev1 to create the folder and subfolder.  Use ICACLS drive:path\<point to cell with employee name>\lev1 /GRANT:group,F - or something along those lines - to modify permissions.   You could also use net share for each folder, but it may cause issues.
Test individual commands with a single folder to ensure you have it setup correctly and then move them to excel and copy on down...
There may be an easier approach, but it seems fairly simple.
0
 
LVL 5

Expert Comment

by:msheskey
ID: 33583584
silver1386, powershell can perform admin functions for windows server, sql server, exchange server, and sharepoint server
0
 

Author Comment

by:silver1386
ID: 33597402
@quikkel
The research that I've done on mkdir doesn't look very promising, especially in batch form.  I've never scripted before, so what you've provided makes little sense.  Could you elaborate any, especially on the <point to cell with employee name>?
0
 
LVL 11

Assisted Solution

by:gikkel
gikkel earned 125 total points
ID: 33600633
Basically all you're doing is using excel to create one line that will make your folders and group settings which will automatically point to the column with the user name. This way you can easily copy that same formula and automatically reference the next user name.  It's not really scripting, just referencing.  
Like I mentioned, you will need to spend some time to determine exactly what the formula will entail to properly create the folder and apply the group settings.  But the basic idea is to have a spreadsheet with every employee's name in a separate row.  For instance, you could have cell A1 with the employee's first name and B1 with the last name.  In your other cells, you would have your formula which would reference cells A1 and B1 for names.
Cell A1: First
Cell B1: Last
Cell C1: ="mkdir "&"""D:\Test\"&$A1&" "&$B1&"\Lev1\"""
Cell D1: =" "&"""D:\Test\"&$A1&" "&$B1&"\Lev2\"""
Cell E1: =" "&"""D:\Test\"&$A1&" "&$B1&"\Lev3\"""
You would have your list already set with all employee names in columns A and columns B, then when you copy cells C1, D1, and E1 down to other rows and they'll automatically reference the next employee.  When you're finished, you would copy all the cells with the mkdir formulas to the clipboard. Open up command prompt, right click and paste.  You'll automatically have a folder for every employee with three different subfolders.  Since you'll already be in the mkdir command, you would need to use icacls to set your permissions on a different row to do it all at once.  I'd recommend you just put it on the same row but copy and paste it to excel after the directories are all created.
0
 

Author Comment

by:silver1386
ID: 33621391
Thank you guys for all your thoughts and comments.  Being completely new to scripts, I knew nothing about any of this.  I got my in-house application developer (who obviously understands code) to come take a look at it with me.  After some time, this is what we came up with:


@echo off

for /f "tokens=* delims=" %%g in (namedata.txt) do (
mkdir c:\employment\%%g
mkdir c:\employment\%%g\NormalDocs
xcacls C:\employment\%%g\NormalDocs /T /G domain\SecGroup1:R /E
mkdir c:\employment\%%g\SecretDocs
xcacls C:\employment\%%g\SecretDocs /T /G domain\SecGroup2:R /E
echo %%g
)

It is pulling the names from a text file in the root directory called "namedata.txt."  As you can see, I'm using Xcacls, which I got the download and instructions from Microsoft here: http://support.microsoft.com/kb/318754/en-us.  I also had to install WMI Tools (http://www.microsoft.com/downloads/en/details.aspx?familyid=6430f853-1120-48db-8cc5-f2abdc3ed314&displaylang=en) to get it to work.  The script refers to the text file to create the employee's folder.  Then it creates the first subfolder and sets permissions on it.  Then it creates the next subfolder and sets permissions on it.  It's not extremely fast, but it works.  I say all this just in case someone else stumbles across this question and wants to know what I did.

The best answers I feel were from MONSTA2008 and qikkel, so I will split the points between them.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
External Hard Drive Error 48 94
Basics of NetApp 10 56
How to format tape Cartridge to LTFS 6 33
Backup fail due to VSS errors. 4 47
Transparency shows that a company is the kind of business that it wants people to think it is.
Ever wondered why Windows 8 and 10 don't seem to accept your GPO-based software deployment while Windows 7 does? Read on.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now