Batch File Help
Hello,
Looking for some help with a batch file I need to run urgently to set permissions on a number of folders.
We have the following folder structure
Folder1
Folder1\Client1
Folder1\Client2
Folder1\Client3
Then within each client folder we have several sub folders
e.g.
Folder1\Client1\SubFolder1
Folder1\Client1\SubFolder2
Folder1\Client1\SubFolder3
I need to reset permissions on all the Subfolders in the example above and have written the following code in a file called permissions.bat
for /d /r %%g in ("f:\Folder1") DO icacls "%%g" /grant:r domain\mygroup:(OI)(CI)M
This gives the modify permission to the AD group domain\mygroup to the folder Client1 and Subfolder1. The permissions of Client1 are different and should not be changed as users should not be able to delete/edit client folders. How can I modify the batch file to only apply the icacls command to the SubFolders under each Client folder rather than it applying to the Client folder and the Subfolders.
I am sure it will be something simple but everything I have tried doesnt seem to work. Nested For Loops maybe or is For the wrong command?
This is running on a 2003 Server by the way.
Thanks for looking
Looking for some help with a batch file I need to run urgently to set permissions on a number of folders.
We have the following folder structure
Folder1
Folder1\Client1
Folder1\Client2
Folder1\Client3
Then within each client folder we have several sub folders
e.g.
Folder1\Client1\SubFolder1
Folder1\Client1\SubFolder2
Folder1\Client1\SubFolder3
I need to reset permissions on all the Subfolders in the example above and have written the following code in a file called permissions.bat
for /d /r %%g in ("f:\Folder1") DO icacls "%%g" /grant:r domain\mygroup:(OI)(CI)M
This gives the modify permission to the AD group domain\mygroup to the folder Client1 and Subfolder1. The permissions of Client1 are different and should not be changed as users should not be able to delete/edit client folders. How can I modify the batch file to only apply the icacls command to the SubFolders under each Client folder rather than it applying to the Client folder and the Subfolders.
I am sure it will be something simple but everything I have tried doesnt seem to work. Nested For Loops maybe or is For the wrong command?
This is running on a 2003 Server by the way.
Thanks for looking
One slight oversight...this should work...
for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir %%~fg /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M
Or this, which is more like your initial command:
for /D %%D in (f:\Folder1) do ^
for /D %%A in ("%%~fD\*") do ^
ECHO icacls "%%~A" /grant:r domain\mygroup:(OI)(CI)MASKER
Sirbounty,
Thanks for your quick response. I have tried the second script and it addresses the right areas when run from the Folder1 folder. However it cant handle subfolders with spaces in the name, it shows system cannot find the file specified. Can you adapt it to cater for spaces in all folder names?
Thanks
Qlemo,
Thanks for your help also. I have also tried your script but have found that yours does the same as before in that the Client1 folders as well as the subfolders seems to get the same modify permission. So this is basically the same as i already have.
Thanks for your help
Thanks for your quick response. I have tried the second script and it addresses the right areas when run from the Folder1 folder. However it cant handle subfolders with spaces in the name, it shows system cannot find the file specified. Can you adapt it to cater for spaces in all folder names?
Thanks
Qlemo,
Thanks for your help also. I have also tried your script but have found that yours does the same as before in that the Client1 folders as well as the subfolders seems to get the same modify permission. So this is basically the same as i already have.
Thanks for your help
Just a matter of enclosing in quotes - this should do it...
for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir "%%~fg" /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M
Sorry, I forgot to add a wildcard in the first FOR. But why did you close the question if neither code works for you?
for /D %%D in ("f:\Folder1\*") do ^
for /D %%A in ("%%~fD\*") do ^
ECHO icacls "%%~A" /grant:r domain\mygroup:(OI)(CI)MASKER
Sirbounty, that still doesnt work it does the same if i add the quotes there. i have tried for the last few hours to add quotes all over but cant get it working.
Try this:
for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir "%%~fg" /ad /b') do icacls "%%~fg\%%a" /grant:r "domain\mygroup:(OI)(CI)M"ASKER
Qlemo I have just tried your revised script and it seems to be working now.
billprew, no that doesnt work have tried that also.
billprew, no that doesnt work have tried that also.
The issue is (a) the tokenizing of FOR /F, and (b) the %~f operator working in the current working directory. The latter should apply to my script, too, making it probable to fail if not in f:\folder1.
pushd F:\folder1
for /f "delims=" %%g in ('dir .\ /ad /b') do for /f "delims=" %%a in ('dir "%%~fg" /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)MASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
qlemo yes you were correct clients with spaces in the upper folder didnt work with that.
sirbounty that appears to be working fine now. Is there an easy way to export failures to a text file?
sirbounty that appears to be working fine now. Is there an easy way to export failures to a text file?
Add
2>> failures.log
to the very end of the command to log error messages into a file.
2>> failures.log
to the very end of the command to log error messages into a file.
ASKER
Is that inside or outside the batch file?
e.g. permissions.bat 2> fail.log
or at the end of the for loop command?
Thanks
e.g. permissions.bat 2> fail.log
or at the end of the for loop command?
Thanks
Whereever you like it best. In the batch it is "fixed", you do not need to remember, but cannot change the log file. Please note that I have corrected that part to use 2>>, which is append; otherwise it would only log the last error (because 2> will be called for each loop step, overwriting the file, so it will only contain no or one line).
ASKER
Okay thats great. Thanks to everyone that has helped with this issue, I will set the file going overnight now the tests have worked okay and will hopefully get the result I need by the morning.
ASKER
Okay I understand what you are saying but what I find with Experts Exchange is that once someone has answered a question it often gets ignored, even if the answer doesn't solve the problem.
I have no way of knowing what times people work and since responses stopped for some time I assumed both people had gone to bed.
This particular issue needed resolving tonight so by creating a second question it gave the best chances of getting it resolved promptly after the activity appeared to stop on this thread.
If you have access to my account feel free to take a look at my other open question which has been open months without response to see an example of this.
Thanks for your help once again.
I have no way of knowing what times people work and since responses stopped for some time I assumed both people had gone to bed.
This particular issue needed resolving tonight so by creating a second question it gave the best chances of getting it resolved promptly after the activity appeared to stop on this thread.
If you have access to my account feel free to take a look at my other open question which has been open months without response to see an example of this.
Thanks for your help once again.
Open in new window