Solved

Batch File Help

Posted on 2014-01-23
Last Modified: 2014-01-27
Hello,
Looking for some help with a batch file I need to run urgently to set permissions on a number of folders.  

We have the following folder structure

Folder1
Folder1\Client1
Folder1\Client2
Folder1\Client3
Then within each client folder we have several sub folders
e.g.
Folder1\Client1\SubFolder1
Folder1\Client1\SubFolder2
Folder1\Client1\SubFolder3

I need to reset permissions on all the Subfolders in the example above and have written the following code in a file called permissions.bat

for /d /r %%g in ("f:\Folder1") DO icacls "%%g" /grant:r domain\mygroup:(OI)(CI)M

This gives the modify permission to the AD group domain\mygroup to the folder Client1 and Subfolder1.  The permissions of Client1 are different and should not be changed as users should not be able to delete/edit client folders.  How can I modify the batch file to only apply the icacls command to the SubFolders under each Client folder rather than it applying to the Client folder and the Subfolders?

I am sure it will be something simple but everything I have tried doesn't seem to work.  Nested For Loops maybe or is For the wrong command?

This is running on a 2003 Server by the way.

Thanks for looking
0
Question by:cloughs
20 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 39804014
Give this a try (untested, so remove ECHO when it appears correct)
for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir %%~fg /ad /b') do ECHO icacls "%%~fa" /grant:r domain\mygroup:(OI)(CI)M

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 39804050
One slight oversight...this should work...
for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir %%~fg /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M

0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39804067
Or this, which is more like your initial command:
for /D %%D in (f:\Folder1) do ^
for /D %%A in ("%%~fD\*") do ^
ECHO icacls "%%~A" /grant:r domain\mygroup:(OI)(CI)M

0
 
LVL 1

Author Comment

by:cloughs
ID: 39804677
Sirbounty,
Thanks for your quick response.  I have tried the second script and it addresses the right areas when run from the Folder1 folder.  However, it can't handle subfolders with spaces in the name, it shows system cannot find the file specified.  Can you adapt it to cater for spaces in all folder names?
Thanks

Qlemo,
Thanks for your help also.  I have also tried your script but have found that yours does the same as before in that the Client1 folders as well as the subfolders seem to get the same modify permission.  So this is basically the same as I already have.
Thanks for your help
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 39805047
Just a matter of enclosing in quotes - this should do it...

for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir "%%~fg" /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M

0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39805060
Sorry, I forgot to add a wildcard in the first FOR. But why did you close the question if neither code works for you?
for /D %%D in ("f:\Folder1\*") do ^
for /D %%A in ("%%~fD\*") do ^
ECHO icacls "%%~A" /grant:r domain\mygroup:(OI)(CI)M

0
 
LVL 1

Author Comment

by:cloughs
ID: 39805064
Sirbounty, that still doesn't work, it does the same if I add the quotes there.  I have tried for the last few hours to add quotes all over but can't get it working.
0
 
LVL 55

Expert Comment

by:Bill Prew
ID: 39805069
Try this:

for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir "%%~fg" /ad /b') do icacls "%%~fg\%%a" /grant:r "domain\mygroup:(OI)(CI)M"

~bp
0
 
LVL 1

Author Comment

by:cloughs
ID: 39805077
Qlemo I have just tried your revised script and it seems to be working now.

billprew, no, that doesn't work, have tried that also.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39805091
The issue is (a) the tokenizing of FOR /F, and (b) the %~f operator working in the current working directory. The latter should apply to my script, too, making it probable to fail if not in f:\folder1.
pushd F:\folder1
for /f "delims=" %%g in ('dir .\ /ad /b') do for /f "delims=" %%a in ('dir "%%~fg" /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M

Adding the same first line (pushd f:\folder1) to my script should make it safe.
0
 
LVL 67

Accepted Solution

by:sirbounty (earned 500 total points)
ID: 39805106
How about this one?

set startFolder=F:\Folder1
for /f "delims=" %%g in ('dir %startFolder% /ad /b') do for /f "delims=" %%a in ('dir "%startFolder%\%%g" /ad /b') do ECHO icacls "%startFolder%\%%g\%%a" /grant:r domain\mygroup:(OI)(CI)M

0
 
LVL 1

Author Comment

by:cloughs
ID: 39805127
Qlemo, yes, you were correct, clients with spaces in the upper folder didn't work with that.

sirbounty that appears to be working fine now.  Is there an easy way to export failures to a text file?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39805132
Add
  2>> failures.log
to the very end of the command to log error messages into a file.
0
 
LVL 1

Author Comment

by:cloughs
ID: 39805140
Is that inside or outside the batch file?

e.g. permissions.bat 2> fail.log

or at the end of the for loop command?

Thanks
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39805162
Wherever you like it best. In the batch it is "fixed", you do not need to remember, but cannot change the log file. Please note that I have corrected that part to use 2>>, which is append; otherwise it would only log the last error (because 2> will be called for each loop step, overwriting the file, so it will only contain no or one line).
0
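The pieces discussed above (absolute start folder, "delims=" so names with spaces survive, and 2>> so each failure is appended) combined into one script, as an added example that is not code from any poster in this thread. The variable names START, GROUP, LOG and the APPLY argument are assumptions made for the example; it prints the commands unless run as "permissions.bat APPLY", and it relies on icacls returning a non-zero exit code when a folder fails.

```batch
@echo off
setlocal EnableExtensions DisableDelayedExpansion

rem Added example. START, GROUP and LOG are assumed values; adjust before use.
set "START=F:\Folder1"
set "GROUP=domain\mygroup"
set "LOG=%~dp0failures.log"

rem Dry run by default: only print the icacls commands.
rem Pass APPLY as the first argument to really change ACLs.
set "DRYRUN=1"
if /i "%~1"=="APPLY" set "DRYRUN="

if not exist "%START%\" (
  echo Start folder not found: "%START%" 1>&2
  exit /b 2
)

set /a FAILED=0

rem Outer loop lists the client folders; they are never passed to icacls.
rem Inner loop lists only the direct subfolders of each client folder.
rem "delims=" keeps names containing spaces in one piece, and building the
rem path from %START% avoids depending on the current directory.
for /f "delims=" %%C in ('dir "%START%" /ad /b 2^>nul') do (
  for /f "delims=" %%S in ('dir "%START%\%%C" /ad /b 2^>nul') do (
    if defined DRYRUN (
      echo icacls "%START%\%%C\%%S" /grant:r "%GROUP%:(OI)(CI)M"
    ) else (
      rem 2^>^> appends, so earlier errors are not overwritten by later ones.
      icacls "%START%\%%C\%%S" /grant:r "%GROUP%:(OI)(CI)M" >nul 2>>"%LOG%"
      if errorlevel 1 (
        >>"%LOG%" echo FAILED: "%START%\%%C\%%S"
        set /a FAILED+=1
      )
    )
  )
)

echo Folders that failed: %FAILED%
if %FAILED% gtr 0 exit /b 1
exit /b 0
```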
 
LVL 1

Author Comment

by:cloughs
ID: 39805180
Okay, that's great.  Thanks to everyone that has helped with this issue, I will set the file going overnight now the tests have worked okay and will hopefully get the result I need by the morning.
0
 
LVL 1

Author Comment

by:cloughs
ID: 39805200
Okay I understand what you are saying but what I find with Experts Exchange is that once someone has answered a question it often gets ignored, even if the answer doesn't solve the problem.  

I have no way of knowing what times people work and since responses stopped for some time I assumed both people had gone to bed.  

This particular issue needed resolving tonight so by creating a second question it gave the best chances of getting it resolved promptly after the activity appeared to stop on this thread.

If you have access to my account feel free to take a look at my other open question which has been open months without response to see an example of this.

Thanks for your help once again.
0
