Solved

Easy way to set folder permissions on new folders

Posted on 2014-02-28
9
618 Views
Last Modified: 2014-03-03
Looking for an easy way to change permissions on folders that are created daily.

Our Secretary's will create folders, always named Final, on a certain shared drive.  This shared drive is housed on Server 2012.

I'm not kept up to date on when they are created, as we have many offices all accessing this drive.

Just looking for an easier way to automatically do this, or run a script that will do this for me.  I need to give access only to a certain AD group, and remove access from the default group that is pulled by hierarchy.

Folder structure is as follows:

Main Drive
         - Client
                     -Client Folders
                                              -Final
         - Client
                     -Client Folders
                                              -Final
         - Client
                     -Client Folders
                                              -Final
         - Client
                     -Client Folders
                                              -Final
0
Comment
Question by:DerekFG
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39896772
What about putting a top level root folder between the Main Drive and all the Client Folders, that has all the permissions you need for that group (removing any other groups that don't need to be there) and turn Inheritable Permissions on so the permissions propagate to all subfolders and files?
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 39896824
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39896909
So, you mean to say that "Final" folder needs to be get created automatically underneath Client Folders ?
Unable to understand your requirement ?

Can you please elaborate ?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 2

Author Comment

by:DerekFG
ID: 39897207
I know how to set them manually.  

No, I do not need the folders created automatically, I need a script that will set permissions on any folder named exactly 'Final' under a certain drive.

The secretaries create the final folders and put the final copies of jobs in them.  Prior, these job folders are open to most everyone, but the Final folder I need to be locked down to only secretaries so no one accidentally deletes, moves or edits those documents.
0
 
LVL 35

Accepted Solution

by:
Gary Patterson earned 500 total points
ID: 39897533
Several comments:

1) Set up Shadow Copy to protect working files from accidental changed or deletions.

http://technet.microsoft.com/en-us/magazine/2006.01.rapidrecovery.aspx

2) Follow diggasaur's solution.  Don't stick a folder with different permissions down below.  Instead, create a tree with the correct inheritable permissions:

"Working" folder has broad permissions so most can access it.  Make it inheritable.
- Client
   - Client Folders

"Final" folder has "secretaries only inheritable permissions"
-Client

If you -must- preserve the original location of the "Final" folder in the tree, you could create a symbolic link to the final/client folder called "final" from working/client.

3) If you can't create an easy-to-use hierarchy like the one above, then consider using a file watching tool (I like the open source File Watcher Utilities tool) to monitor changes to the folders (like detect when a new folder is created, and have it fire off the iacls command to set permissions.  You can set up File Watcher Tools to run as a Windows service.

http://sourceforge.net/projects/fwutilities/
http://technet.microsoft.com/en-us/library/cc753525.aspx
0
 
LVL 2

Author Comment

by:DerekFG
ID: 39897775
We use Shadow Copy, as well as Veeam backups, so no worries really about losing data, just rather prevent the need.

Unfortunately I cannot change the location of the folders.  We are talking about thousands of job folders.  Believe me, when they initially wanted to set it up this way I warned them it was wrong, and they should have just created a different directory named Final, then put each client name under that and the documents there.

I'll look into the File Watcher Utility, as long as it can monitor and set only to exact name it should work fine.  There are other folders with the word final in them, but they are things such as 'final bid' 'final screening' etc... I've made sure that they know at least to only name the completed directory 'Final' exactly.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39897776
OK
1st you need to ensure that authenticated users have change share permissions on root shared folder in the hierarchy

Then you can control rest of the permissions with NTFS

If there are other folders also residing with Final folder, then you must remove all inheritable permissions from Final Folder and must grant secretaries modify NTFS permissions on that folder

You may try it with MS tool Subinacl or you can do it manually on need basis

Mahesh
0
 
LVL 35

Expert Comment

by:Gary Patterson
ID: 39897818
You were pretty clear in your requirements above that you needed "exactly" the string "Final".  That's why I referred you to this tool.  You can specify a regular expression, so you can be as specific or generic as you like.
0
 
LVL 2

Author Closing Comment

by:DerekFG
ID: 39900811
Option 3 was the way to go for us.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question