Is there a way to create folders and security permissions in bulk?

Posted on 2010-09-01
Medium Priority
Last Modified: 2012-06-27
My HR department is coming to me saying that they are going to go to all electronic documents for their personnel records.  Unfortunately, this means creating a folder for each one of our employees (hundreds).  Even worse, they want certain folders within each personnel folder to have different permissions.  (This is because medical records can only be accessed by certain people, but simple employment status can be accessed by anyone.)  So what I'm asking is:  Is there any way to automate this process, either through a script or a program?

FYI:  The folders might look something like this:
John Smith
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
Jane Doe
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
So the folders and permissions levels would be the same under each personnel file.  I just don't want to have to create all these by hand.
Question by:silver1386
  • 4
  • 3
  • 2
  • +2

Accepted Solution

MONSTA2008 earned 500 total points
ID: 33579477
The Microsoft Technet Scripting Repository is one of the best tools you can keep in your arsenal for things like this.  You can access the home for this here:  http://gallery.technet.microsoft.com/ScriptCenter/en-us

This script, for example, will create an entire folder structure based on a .csv file and set permissions for you.


In many cases you can find one script to do one feature and another to do something different and then look to combine the two.  I would obviously test these out in a development or sandbox environment first to make sure they do what you want.
LVL 11

Expert Comment

ID: 33579497
This is a typical task with windows server, and very easily setup with group policy.  How are you setting up your shares?  How will they be accessed? What OS are you using?

Author Comment

ID: 33579727
The shares are just shared folders on a file server.
They are accessed through Windows Explorer.
The server's OS is Server 2008 R2.  The client machines are Windows 7 64-bit.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

LVL 10

Expert Comment

ID: 33579865
Suggest Document Management Solutions:
I am adding two open source softwares link here:

Author Comment

ID: 33579869
The second link that you listed showed a Visual Basic script.  I know absolutely nothing about PowerShell, but would PowerShell make this any easier?

Expert Comment

ID: 33581442
You could absolutely do the same with PowerShell.  This fellow has a script that comes pretty close to what you're looking to do.  It may require a bit of minor tweaking but the concepts are the same as in VBScript (appending your variables as needed, etc.).

LVL 11

Expert Comment

ID: 33581998
Ah, I see your dilemma.  I was thinking more along the lines of folder redirection.  Although, you could do this easily with excel and command prompt.  Create new security groups for each level and add them to the appropriate users.  Create a folder for your new folders and give access to appropriate users.  Hide the share by using $ after the folder name.
Create an excel file with all user names.   Use mkdir drive:path\<point to cell with employee name>\lev1 to create the folder and subfolder.  Use ICACLS drive:path\<point to cell with employee name>\lev1 /GRANT:group,F - or something along those lines - to modify permissions.   You could also use net share for each folder, but it may cause issues.
Test individual commands with a single folder to ensure you have it setup correctly and then move them to excel and copy on down...
There may be an easier approach, but it seems fairly simple.

Expert Comment

ID: 33583584
silver1386, powershell can perform admin functions for windows server, sql server, exchange server, and sharepoint server

Author Comment

ID: 33597402
The research that I've done on mkdir doesn't look very promising, especially in batch form.  I've never scripted before, so what you've provided makes little sense.  Could you elaborate any, especially on the <point to cell with employee name>?
LVL 11

Assisted Solution

gikkel earned 500 total points
ID: 33600633
Basically all you're doing is using excel to create one line that will make your folders and group settings which will automatically point to the column with the user name. This way you can easily copy that same formula and automatically reference the next user name.  It's not really scripting, just referencing.  
Like I mentioned, you will need to spend some time to determine exactly what the formula will entail to properly create the folder and apply the group settings.  But the basic idea is to have a spreadsheet with every employee's name in a separate row.  For instance, you could have cell A1 with the employee's first name and B1 with the last name.  In your other cells, you would have your formula which would reference cells A1 and B1 for names.
Cell A1: First
Cell B1: Last
Cell C1: ="mkdir "&"""D:\Test\"&$A1&" "&$B1&"\Lev1\"""
Cell D1: =" "&"""D:\Test\"&$A1&" "&$B1&"\Lev2\"""
Cell E1: =" "&"""D:\Test\"&$A1&" "&$B1&"\Lev3\"""
You would have your list already set with all employee names in columns A and columns B, then when you copy cells C1, D1, and E1 down to other rows and they'll automatically reference the next employee.  When you're finished, you would copy all the cells with the mkdir formulas to the clipboard. Open up command prompt, right click and paste.  You'll automatically have a folder for every employee with three different subfolders.  Since you'll already be in the mkdir command, you would need to use icacls to set your permissions on a different row to do it all at once.  I'd recommend you just put it on the same row but copy and paste it to excel after the directories are all created.

Author Comment

ID: 33621391
Thank you guys for all your thoughts and comments.  Being completely new to scripts, I knew nothing about any of this.  I got my in-house application developer (who obviously understands code) to come take a look at it with me.  After some time, this is what we came up with:

@echo off

for /f "tokens=* delims=" %%g in (namedata.txt) do (
mkdir c:\employment\%%g
mkdir c:\employment\%%g\NormalDocs
xcacls C:\employment\%%g\NormalDocs /T /G domain\SecGroup1:R /E
mkdir c:\employment\%%g\SecretDocs
xcacls C:\employment\%%g\SecretDocs /T /G domain\SecGroup2:R /E
echo %%g

It is pulling the names from a text file in the root directory called "namedata.txt."  As you can see, I'm using Xcacls, which I got the download and instructions from Microsoft here: http://support.microsoft.com/kb/318754/en-us.  I also had to install WMI Tools (http://www.microsoft.com/downloads/en/details.aspx?familyid=6430f853-1120-48db-8cc5-f2abdc3ed314&displaylang=en) to get it to work.  The script refers to the text file to create the employee's folder.  Then it creates the first subfolder and sets permissions on it.  Then it creates the next subfolder and sets permissions on it.  It's not extremely fast, but it works.  I say all this just in case someone else stumbles across this question and wants to know what I did.

The best answers I feel were from MONSTA2008 and qikkel, so I will split the points between them.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
Ready to get certified? Check out some courses that help you prepare for third-party exams.
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses
Course of the Month12 days, 17 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question