Is there a way to create folders and security permissions in bulk?

My HR department is coming to me saying that they are going to go to all electronic documents for their personnel records.  Unfortunately, this means creating a folder for each one of our employees (hundreds).  Even worse, they want certain folders within each personnel folder to have different permissions.  (This is because medical records can only be accessed by certain people, but simple employment status can be accessed by anyone.)  So what I'm asking is:  Is there any way to automate this process, either through a script or a program?

FYI:  The folders might look something like this:
John Smith
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
Jane Doe
     Contact Information (security level 1)
     Employment Status (security level 1)
     Salary Information (security level 2)
     Medical (security level 3)
So the folders and permissions levels would be the same under each personnel file.  I just don't want to have to create all these by hand.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The Microsoft Technet Scripting Repository is one of the best tools you can keep in your arsenal for things like this.  You can access the home for this here:

This script, for example, will create an entire folder structure based on a .csv file and set permissions for you.

In many cases you can find one script to do one feature and another to do something different and then look to combine the two.  I would obviously test these out in a development or sandbox environment first to make sure they do what you want.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
This is a typical task with windows server, and very easily setup with group policy.  How are you setting up your shares?  How will they be accessed? What OS are you using?
silver1386Author Commented:
The shares are just shared folders on a file server.
They are accessed through Windows Explorer.
The server's OS is Server 2008 R2.  The client machines are Windows 7 64-bit.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Suggest Document Management Solutions:
I am adding two open source softwares link here: 
silver1386Author Commented:
The second link that you listed showed a Visual Basic script.  I know absolutely nothing about PowerShell, but would PowerShell make this any easier?
You could absolutely do the same with PowerShell.  This fellow has a script that comes pretty close to what you're looking to do.  It may require a bit of minor tweaking but the concepts are the same as in VBScript (appending your variables as needed, etc.).
Ah, I see your dilemma.  I was thinking more along the lines of folder redirection.  Although, you could do this easily with excel and command prompt.  Create new security groups for each level and add them to the appropriate users.  Create a folder for your new folders and give access to appropriate users.  Hide the share by using $ after the folder name.
Create an excel file with all user names.   Use mkdir drive:path\<point to cell with employee name>\lev1 to create the folder and subfolder.  Use ICACLS drive:path\<point to cell with employee name>\lev1 /GRANT:group,F - or something along those lines - to modify permissions.   You could also use net share for each folder, but it may cause issues.
Test individual commands with a single folder to ensure you have it setup correctly and then move them to excel and copy on down...
There may be an easier approach, but it seems fairly simple.
silver1386, powershell can perform admin functions for windows server, sql server, exchange server, and sharepoint server
silver1386Author Commented:
The research that I've done on mkdir doesn't look very promising, especially in batch form.  I've never scripted before, so what you've provided makes little sense.  Could you elaborate any, especially on the <point to cell with employee name>?
Basically all you're doing is using excel to create one line that will make your folders and group settings which will automatically point to the column with the user name. This way you can easily copy that same formula and automatically reference the next user name.  It's not really scripting, just referencing.  
Like I mentioned, you will need to spend some time to determine exactly what the formula will entail to properly create the folder and apply the group settings.  But the basic idea is to have a spreadsheet with every employee's name in a separate row.  For instance, you could have cell A1 with the employee's first name and B1 with the last name.  In your other cells, you would have your formula which would reference cells A1 and B1 for names.
Cell A1: First
Cell B1: Last
Cell C1: ="mkdir "&"""D:\Test\"&$A1&" "&$B1&"\Lev1\"""
Cell D1: =" "&"""D:\Test\"&$A1&" "&$B1&"\Lev2\"""
Cell E1: =" "&"""D:\Test\"&$A1&" "&$B1&"\Lev3\"""
You would have your list already set with all employee names in columns A and columns B, then when you copy cells C1, D1, and E1 down to other rows and they'll automatically reference the next employee.  When you're finished, you would copy all the cells with the mkdir formulas to the clipboard. Open up command prompt, right click and paste.  You'll automatically have a folder for every employee with three different subfolders.  Since you'll already be in the mkdir command, you would need to use icacls to set your permissions on a different row to do it all at once.  I'd recommend you just put it on the same row but copy and paste it to excel after the directories are all created.
silver1386Author Commented:
Thank you guys for all your thoughts and comments.  Being completely new to scripts, I knew nothing about any of this.  I got my in-house application developer (who obviously understands code) to come take a look at it with me.  After some time, this is what we came up with:

@echo off

for /f "tokens=* delims=" %%g in (namedata.txt) do (
mkdir c:\employment\%%g
mkdir c:\employment\%%g\NormalDocs
xcacls C:\employment\%%g\NormalDocs /T /G domain\SecGroup1:R /E
mkdir c:\employment\%%g\SecretDocs
xcacls C:\employment\%%g\SecretDocs /T /G domain\SecGroup2:R /E
echo %%g

It is pulling the names from a text file in the root directory called "namedata.txt."  As you can see, I'm using Xcacls, which I got the download and instructions from Microsoft here:  I also had to install WMI Tools ( to get it to work.  The script refers to the text file to create the employee's folder.  Then it creates the first subfolder and sets permissions on it.  Then it creates the next subfolder and sets permissions on it.  It's not extremely fast, but it works.  I say all this just in case someone else stumbles across this question and wants to know what I did.

The best answers I feel were from MONSTA2008 and qikkel, so I will split the points between them.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IT Administration

From novice to tech pro — start learning today.