Avatar of Skarley Guerrero
Skarley Guerrero
Flag for United States of America asked on

Is there a way to set user permissions for a folder n directories deep without knowing the name of the folder?


I am writing a batch file to set user permissions for a plethora of folders. For one specific folder, I would like to set different permissions for each directory and sub-directory. The issue I'm having is getting to a certain level and setting permissions for all those folders. Example:

Main folder > (20 Folders in Main Folder) > (50 Folders in each sub-Main Folder) > (5 folders after that) > pdf files

The numbers are arbitrary, but that's somewhat how the construction of our file system looks like.

the directory right before the pdf files (5 folders after that) should have modify permissions. each sub-folder before that should have only folder creation permissions. Finally, the Main folder has read-only permissions.

What I have attempted so far is this batch script:

icacls "Main Folder" /grant:r %username%:M /T    

FOR /D %%S in ("Main Folder\*") do icacls "%%S" /grant:r Users:(R, AD) /grant:r %username%:(R, AD)

icacls "Main Folder" /grant:r Users:R /grant:r %username%:R

This sets the permissions I want but only up to this point:  Main folder > (20 Folders in Main Folder) > (50 Folders in each sub-Main Folder)

I've tried nesting a FOR loop to get into that last directory, but had no success.

Thank you!
Active Directory

Avatar of undefined
Last Comment
Steve Knight

8/22/2022 - Mon
Steve Knight

So your five levels means 5 more subdirectories deep or 5 more at the same level?

Can you get a list of the right ones using

Dir main folder\sub folder\*\ /ad /b or with 5 x \* if it is 5 folders deeper?

Lionel MM

if I understand you right, you have a folder named test1 and it is 60 folder-sub folder deep? and you don't know its name? if that is what you are asking then the only way to assign folder test1 specific permissions it to assign is to assign the required permissions to an earlier "parent" folder and turn on inheritance. So you will assign a folder above it the required permissions and then enable inheritance and assign that same permissions to that folder and all its sub-folders for example to give Full Control to  Domain-name\user-name to folder d:\parent-folder-name and all its subfolder and files. You can also put this in batch file and loop through a list of known folder names.
icacls d:\parent-folder-name /inheritance:r /grant:r Domain-name\user-name:(OI)(CI)F /T
Steve Knight

Above dir won't work of course.  Suggest you post few example directories but how about this to get the raw directory names?

dir /ad /b /s | findstr /i /r "x:\\Top Level\\Next level\\.*\\.*\\.*\\.*\\*"

etc. i.e to match

x:\top level\next level followed by \ then any characters, another backslash etc....

You can soon then use that in a FOR or FORFILES command to run icacls etc.

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Steve Knight

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Steve Knight

I wold suggest as follows:

Accept dragon-it http:#a42377542