• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 535
  • Last Modified:

Batch File Help

Hello,
Looking for some help with a batch file I need to run urgently to set permissions on a number of folders.  

We have the following folder structure

Folder1
Folder1\Client1
Folder1\Client2
Folder1\Client3
Then within each client folder we have several sub folders
e.g.
Folder1\Client1\SubFolder1
Folder1\Client1\SubFolder2
Folder1\Client1\SubFolder3

I need to reset permissions on all the Subfolders in the example above and have written the following code in a file called permissions.bat

for /d /r %%g in ("f:\Folder1") DO icacls "%%g" /grant:r domain\mygroup:(OI)(CI)M

This gives the modify permission to the AD group domain\mygroup to the folder Client1 and Subfolder1.  The permissions of Client1 are different and should not be changed as users should not be able to delete/edit client folders.  How can I modify the batch file to only apply the icacls command to the SubFolders under each Client folder rather than it applying to the Client folder and the Subfolders.

I am sure it will be something simple but everything I have tried doesnt seem to work.  Nested For Loops maybe or is For the wrong command?

This is running on a 2003 Server by the way.

Thanks for looking
0
cloughs
Asked:
cloughs
  • 7
  • 5
  • 4
  • +1
1 Solution
 
sirbountyCommented:
Give this a try (untested, so remove ECHO when it appears correct)
for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir %%~fg /ad /b') do ECHO icalcs "%%~fa" /grant:r domain\mygroup:(OI)(CI)M

Open in new window

0
 
sirbountyCommented:
One slight oversight...this should work...
for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir %%~fg /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M

Open in new window

0
 
QlemoC++ DeveloperCommented:
Or this, which is more like your initial command:
for /D %%D in (f:\Folder1) do ^
for /D %%A in ("%%~fD\*") do ^
ECHO icacls "%%~A" /grant:r domain\mygroup:(OI)(CI)M

Open in new window

0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
cloughsAuthor Commented:
Sirbounty,
Thanks for your quick response.  I have tried the second script and it addresses the right areas when run from the Folder1 folder.  However it cant handle subfolders with spaces in the name, it shows system cannot find the file specified.  Can you adapt it to cater for spaces in all folder names?
Thanks

Qlemo,
Thanks for your help also.  I have also tried your script but have found that yours does the same as before in that the Client1 folders as well as the subfolders seems to get the same modify permission.  So this is basically the same as i already have.
Thanks for your help
0
 
sirbountyCommented:
Just a matter of enclosing in quotes - this should do it...

for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir "%%~fg" /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M

Open in new window

0
 
QlemoC++ DeveloperCommented:
Sorry, I forgot to add a wildcard in the first FOR. But why did you close the question if neither code works for you?
for /D %%D in ("f:\Folder1\*") do ^
for /D %%A in ("%%~fD\*") do ^
ECHO icacls "%%~A" /grant:r domain\mygroup:(OI)(CI)M

Open in new window

0
 
cloughsAuthor Commented:
Sirbounty, that still doesnt work it does the same if i add the quotes there.  i have tried for the last few hours to add quotes all over but cant get it working.
0
 
Bill PrewCommented:
Try this:

for /f %%g in ('dir f:\Folder1\ /ad /b') do for /f %%a in ('dir "%%~fg" /ad /b') do icacls "%%~fg\%%a" /grant:r "domain\mygroup:(OI)(CI)M"

Open in new window

~bp
0
 
cloughsAuthor Commented:
Qlemo I have just tried your revised script and it seems to be working now.

billprew, no that doesnt work have tried that also.
0
 
QlemoC++ DeveloperCommented:
The issue is (a) the tokenizing of FOR /F, and (b) the %~f operator working in the current working directory. The latter should apply to my script, too, making it probable to fail if not in f:\folder1.
pushd F:\folder1
for /f "delims=" %%g in ('dir .\ /ad /b') do for /f "delims=" %%a in ('dir "%%~fg" /ad /b') do ECHO icacls "%%~fg\%%a" /grant:r domain\mygroup:(OI)(CI)M

Open in new window

Adding the same first line (pushd f:\folder1) to my script should make it safe.
0
 
sirbountyCommented:
How about this one?

set startFolder=F:\Folder1
for /f "delims=" %%g in ('dir %startFolder% /ad /b') do for /f "delims=" %%a in ('dir "%startFolder%\%%g" /ad /b') do ECHO icacls "%startFolder%\%%g\%%a" /grant:r domain\mygroup:(OI)(CI)M

Open in new window

0
 
cloughsAuthor Commented:
qlemo yes you were correct clients with spaces in the upper folder didnt work with that.

sirbounty that appears to be working fine now.  Is there an easy way to export failures to a text file?
0
 
QlemoC++ DeveloperCommented:
Add
  2>> failures.log
to the very end of the command to log error messages into a file.
0
 
cloughsAuthor Commented:
Is that inside or outside the batch file?

e.g. permissions.bat 2> fail.log

or at the end of the for loop command?

Thanks
0
 
QlemoC++ DeveloperCommented:
Whereever you like it best. In the batch it is "fixed", you do not need to remember, but cannot change the log file. Please note that I have corrected that part to use 2>>, which is append; otherwise it would only log the last error (because 2> will be called for each loop step, overwriting the file, so it will only contain no or one line).
0
 
cloughsAuthor Commented:
Okay thats great.  Thanks to everyone that has helped with this issue, I will set the file going overnight now the tests have worked okay and will hopefully get the result I need by the morning.
0
 
cloughsAuthor Commented:
Okay I understand what you are saying but what I find with Experts Exchange is that once someone has answered a question it often gets ignored, even if the answer doesn't solve the problem.  

I have no way of knowing what times people work and since responses stopped for some time I assumed both people had gone to bed.  

This particular issue needed resolving tonight so by creating a second question it gave the best chances of getting it resolved promptly after the activity appeared to stop on this thread.

If you have access to my account feel free to take a look at my other open question which has been open months without response to see an example of this.

Thanks for your help once again.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 7
  • 5
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now