Link to home
Start Free TrialLog in
Avatar of silver1386
silver1386

asked on

Is there a way to create folders and security permissions in bulk?

My HR department is coming to me saying that they are going to go to all electronic documents for their personnel records.  Unfortunately, this means creating a folder for each one of our employees (hundreds).  Even worse, they want certain folders within each personnel folder to have different permissions.  (This is because medical records can only be accessed by certain people, but simple employment status can be accessed by anyone.)  So what I'm asking is:  Is there any way to automate this process, either through a script or a program?

FYI:  The folders might look something like this:
John Smith
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
Jane Doe
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
So the folders and permissions levels would be the same under each personnel file.  I just don't want to have to create all these by hand.
ASKER CERTIFIED SOLUTION
Avatar of Member_2_4436132
Member_2_4436132

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This is a typical task with windows server, and very easily setup with group policy.  How are you setting up your shares?  How will they be accessed? What OS are you using?
Avatar of silver1386
silver1386

ASKER

@qikkel
The shares are just shared folders on a file server.
They are accessed through Windows Explorer.
The server's OS is Server 2008 R2.  The client machines are Windows 7 64-bit.
Suggest Document Management Solutions:
I am adding two open source softwares link here:
http://sourceforge.net/projects/logicaldoc/
http://www.epiware.com/products_epiware.php 
@MONSTA2008
The second link that you listed showed a Visual Basic script.  I know absolutely nothing about PowerShell, but would PowerShell make this any easier?
You could absolutely do the same with PowerShell.  This fellow has a script that comes pretty close to what you're looking to do.  It may require a bit of minor tweaking but the concepts are the same as in VBScript (appending your variables as needed, etc.).

http://www.powershell.nu/2009/02/13/set-folder-permissions-using-a-powershell-script/
Ah, I see your dilemma.  I was thinking more along the lines of folder redirection.  Although, you could do this easily with excel and command prompt.  Create new security groups for each level and add them to the appropriate users.  Create a folder for your new folders and give access to appropriate users.  Hide the share by using $ after the folder name.
Create an excel file with all user names.   Use mkdir drive:path\<point to cell with employee name>\lev1 to create the folder and subfolder.  Use ICACLS drive:path\<point to cell with employee name>\lev1 /GRANT:group,F - or something along those lines - to modify permissions.   You could also use net share for each folder, but it may cause issues.
Test individual commands with a single folder to ensure you have it setup correctly and then move them to excel and copy on down...
There may be an easier approach, but it seems fairly simple.
silver1386, powershell can perform admin functions for windows server, sql server, exchange server, and sharepoint server
@quikkel
The research that I've done on mkdir doesn't look very promising, especially in batch form.  I've never scripted before, so what you've provided makes little sense.  Could you elaborate any, especially on the <point to cell with employee name>?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you guys for all your thoughts and comments.  Being completely new to scripts, I knew nothing about any of this.  I got my in-house application developer (who obviously understands code) to come take a look at it with me.  After some time, this is what we came up with:


@echo off

for /f "tokens=* delims=" %%g in (namedata.txt) do (
mkdir c:\employment\%%g
mkdir c:\employment\%%g\NormalDocs
xcacls C:\employment\%%g\NormalDocs /T /G domain\SecGroup1:R /E
mkdir c:\employment\%%g\SecretDocs
xcacls C:\employment\%%g\SecretDocs /T /G domain\SecGroup2:R /E
echo %%g
)

It is pulling the names from a text file in the root directory called "namedata.txt."  As you can see, I'm using Xcacls, which I got the download and instructions from Microsoft here: http://support.microsoft.com/kb/318754/en-us.  I also had to install WMI Tools (http://www.microsoft.com/downloads/en/details.aspx?familyid=6430f853-1120-48db-8cc5-f2abdc3ed314&displaylang=en) to get it to work.  The script refers to the text file to create the employee's folder.  Then it creates the first subfolder and sets permissions on it.  Then it creates the next subfolder and sets permissions on it.  It's not extremely fast, but it works.  I say all this just in case someone else stumbles across this question and wants to know what I did.

The best answers I feel were from MONSTA2008 and qikkel, so I will split the points between them.