Administration of Active Directory does not have to be hard. Too often what should be a simple task is made more difficult than it needs to be.The solution? Hyena from SystemTools Software. With ease-of-use as well as powerful importing and bulk updating capabilities.
a command promt tool to modify permission on large number of folders using variables and batch file
This is windows 2003 file share server ; hosting the personal folder for all users. need to clean up the permission on all users using a command prompt to save time ; so NTFS permission is full control for domainadmins and modify for the %username% on their folders and subfolders
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 26
see this question which can be adapted to what you need using the icacls and takeown command line tools http://www.experts-exchange.com/questions/28711330/delete-user-account-and-associated-redirect-folders.html#a40967181
> ...modify for the %username% on their folders and subfolders
What does the share folders look like? Is each folder named after the user? e.g.
If so, make a .bat file of this and try it on a test folder:
What does the share folders look like? Is each folder named after the user? e.g.
\\share\users\user1
\\share\users\user2
\\share\users\user3
...
If so, make a .bat file of this and try it on a test folder:
@echo off
SETLOCAL ENABLEDELAYEDEXPANSION
REM Give user Modify right to their user folder.
REM User folder has same name as user
REM - IMPORTANT: Do on a test folder first!
REM - IMPORTANT: Running this code now then at a later time, e.g. a few weeks or months later
REM may affect existing permissions. As always, USE WITH CARE.
REM - Change these variables to your needs: RootDir, DomName
REM - Makes a log file in your TEMP folder
set RootDir=d:\share\users
set DomName=domainname
set fnlog=%temp%\%~n0.log
>> "%fnlog%" echo %date% %time% BEGIN
if not exist "%RootDir%" (>> "%fnlog%" echo %date% %time% Missing %RootDir%& pause& goto :end)
pushd "%RootDir%"
REM - Disable inheritance and copy the existing ACEs
echo.
echo *** Disable inheritance and copy the existing ACEs
icacls "%RootDir%" /inheritance:d
if %errorlevel% neq 0 >> "%fnlog%" echo %date% %time% Error icacls "%RootDir%" Disable inheritance and copy the existing ACEs
REM - Remove users, including sub-folders. Else they would still be able to read...
echo.
echo *** Remove users, including sub-folders. Else they would still be able to read...
icacls "%RootDir%" /remove:g "Authenticated Users" /remove:g "domain users" /t /q
if %errorlevel% neq 0 >> "%fnlog%" echo %date% %time% Error icacls "%RootDir%" Remove users, including sub-folders
for /d %%a in (*) do (
REM pushd %%a
echo ------- "%%~fa"
REM - Grant modify rights to Subfolders and files only
echo.
echo *** Grant modify rights to Subfolders and files only
>> "%fnlog%" echo "%%~fa" "%DomName%\%%~na" Grant modify rights to Subfolders and files
icacls "%%~fa" /grant "%DomName%\%%~na":^(OI^)^(CI^)M /q
if %errorlevel% neq 0 >> "%fnlog%" echo %date% %time% Error icacls "%%~fa" "%DomName%\%%~na" Grant modify rights to Subfolders and files
REM popd
)
:end
>> "%fnlog%" echo %date% %time% END
popd
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
I was able to do that in 2 lines
cacls (foldername) /e /T /p SYSTEM:f (will grant system full control over username folder)
icacls (foldername) /grant:r e-academy\username:(OI)(CI
username and foldername have the same name
I did not test the solutions above , but will give points to each equally
cacls (foldername) /e /T /p SYSTEM:f (will grant system full control over username folder)
icacls (foldername) /grant:r e-academy\username:(OI)(CI
username and foldername have the same name
I did not test the solutions above , but will give points to each equally
> I was able to do that in 2 lines
Without additional code, how does line 2 take care of your request to "...modify for the %username% on their folders and subfolders"?
Without additional code, how does line 2 take care of your request to "...modify for the %username% on their folders and subfolders"?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Batch
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2016 Part … 125 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2007 Inte… 188 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2010 Adva… 183 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.