Assign file ownership on NTFS file server

Good day all,

I have a folder structure on a Windows 2008 R2 file server with about 120,000 documents in it.  I need to reassign ownership for individual files.  I have a list of all the files in the folder structure with a column indicating who the new owner should be.  The new owners are all user domain accounts and all these users have read & write access to this folder structure (their permissions I change as well).  My own account is also an administrator on the file server.

I'm struggling to find/build a script snippet that that will set an owner to a specific file.

My preference would be to do this in vbscript or VB.Net or powershell.

Any help will be appreciated.
Cheers
PantoffelSlippersAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Larry Struckmeyer MVPCommented:
Hi:

A "folder structure" with 120K files.... You don't say how many folders and how many users so we can't really say if what you want is feasible.  I would normally approach this by creating security groups of users and top level shares, then give each security group the appropriate access to each share.  I have found that nesting folders and files within folders within folders gets very messy and hard to maintain.
0
Lionel MMSmall Business IT ConsultantCommented:
This is quite easy to do in  batch file using "takeown" and icacls; you could go with
for /F "tokens=1,2 delims=," %%i in (C:\filelist.csv) do takeown /f %i
for /F "tokens=1,2 delims=," %%i in (C:\filelist.csv) do ICACLS %i /grant %j:F
this assumes that the filename is the first entry in your file and the user you want to take control the second
example
c:\backup\file1.bat, user1
c:\backup\file2.bat, user2
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BudDurlandCommented:
Just to throw in another two cents -- if these are MS Word or Excel files, you effort will be for naught when the files are updated.  When saving, office apps will tend to delete the 'old' file and re-write a new one.  One more reason why establishing ownership at the folder level is usually best.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

David Johnson, CD, MVPOwnerCommented:
Why do you feel that you need to do this? What is the ultimate result that you desire? it seems to me like a lot of work for no significant gain.
0
PantoffelSlippersAuthor Commented:
@ lionellmm:

Thank you.

I just create a bat file, the csv file and execute the bat file on a server that has access to the CSV file and the locations inside the CSV file?

What does this script do?  Take ownership for my own useraccount and then assign ownership to the account specified in the CSV file?

I'm not sure what icacls is - will have to google to see where I must run the script to have access to icacls functionality.

Thanks again
0
PantoffelSlippersAuthor Commented:
@BudDurland

If you mean when a user saves xls or doc file in future (after my update), they will overwrite the owner that I have now set, then that is OK.  No problem with that.  When that happens then I know the file has a "valid owner" (in the person who last worked on it) and even though a lot of these files are XLS/DOC, they won't be updated in large quantities.

So if I understood your post correctly, that wouldn't be a problem for us.

Thanks
0
PantoffelSlippersAuthor Commented:
@David Johnson

MMmmmmm....  It's a really long story.   We're in the process of doing an information cleanup project.  We basically had 1 large file server with 10.5 million documents in a messy mostly ungoverned folder structure.  We designed a new folder structure (fileplan) with proper security and facilitated a cleanup process where business users either transferred required documents from the messy structure into the new structure and they deleted the rest.  We reduced volumes from 10,5 million documents to just over 4 million documents during this process.  Areas in the old structure where file ownership was intact, were easier to clean up because based on the owners we could identify what business area the documents belong to.  Areas without proper file ownership information (like Administrator and the S-1.....  numbers) were much more difficult.  Also, where documents were transferred from old to new folder structure, we took care to retain ownership information.  So the new fileplan with roughly 4 million documents in now has very little orphan documents.  Our fileplan design is a comprehensive document with folder owners specified for the entire structure.  But as a result of this exercise, we feel that on top of maintaining folder owners, we want to also prevent orphaned documents from being created again.  Also, the client that we facilitated this cleanup project for also requested that we limit orphaned documents on a file level on the new fileplan.  Hope that makes sense.
0
PantoffelSlippersAuthor Commented:
@Larry Struckmeyer MVP:

Thanks for the prompt input.  Either you misunderstood my original post or I don't understand your response.

We don't want to assign permissions but rather I want to set the NTFS file owner for individual files within this structure.  I just mentioned that it's a 120k files to rule out the manual method of righ clicking on the file and setting ownership there.

Thanks
0
Lionel MMSmall Business IT ConsultantCommented:
icacls assigns permissions, either on an entire folder and its sub folders or it can be used folder by folder. The "script" I have you gives the Administrator file ownership and then gives full control to the user specified in your file/user list
0
David Johnson, CD, MVPOwnerCommented:
what you can do is move the files by username to a temporary directory apply the owner permissions to that directory and then move the files back or simply create a folder structure that has all of the usernames i.e.
\\server\sharename\user1
\\server\sharename\user2
create the permissions on these folders by usernam
copy the files into these directories by username (copying files inherits the folder permissions)
and if need be MOVE the files back (MOVE retains the file permissions)
0
Lionel MMSmall Business IT ConsultantCommented:
CORRECTION
icacls assigns permissions, either on an entire folder and its sub folders or it can be used folder by folder OR FILE BY FILE. The "script" I have you gives the Administrator file ownership and then gives full control OF THE FILE to the user specified in your file/user list
0
PantoffelSlippersAuthor Commented:
Hi Experts,

Sorry for the delay.  It seems icacls solved my problem.  At the time of writing my original post, I was busy compiling a VBScript to do some other stuff on the same folders (or actually all the files within the same folders) like correcting some naming/extension issues and date modified etc.  One of the things I needed to do was to set the owner.

I used your input relating to ICACLS in this thread and incorporated that into my overall VBScript so that the VBS builds the required ICACLS command and executes it as part of the VBScript execution.  See the screenshot 1.

After execution, the NTFS owner column reflected the required names.  See screenshot 2.

I hope that I haven't inadvertently damaged or affected something else.

Thanks for the help.
Screenshot-1---ICACLS-Inside-VBS.JPG
Screenshot-2---Owner-Names-In-Place.JPG
0
PantoffelSlippersAuthor Commented:
Thank you for this.  It wasn't exactly what I used but it helped me to get there.
0
Lionel MMSmall Business IT ConsultantCommented:
Can I ask what you actual solution was so I may in turn learn from you? Thank you!
0
PantoffelSlippersAuthor Commented:
@lionelmm:

You're the expert.  I hardly think you can learn anything from me.  But I did post my solution with screenshots in post: ID: 40315029.

I created a file list as per your batch script.  I couldn't get it to work but since you used ICACLS I googled that for more info - specifically to see an exact hardcoded example.  I then built in an extra portion into my existing VBScript file to dynamically generate an ICACLS command for each file that my VBSCript touches.  The VBScript then executes the generated ICACLS command.

See my previous post (ID: 40315029) with screenshot and let me know if you need anything more from me.

Cheers
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.