Remove inherited NTFS permissions on 835 sub folders.
Hi,
We have a root folder F:\Users
Below this there are 835 user folders.
These all inherit permissions from the parent folder.
Thay each also have the user account added with Full permissions.
I need to stop all 835 folders from inheriting permissions from the F:\Users parent folder.
I also need each user folder to retain their current permissions.
I can right click a folder - Properties - Security - Advanced - clear the Allow Inheritable Permissions check box - select Copy and I get the required result.
I don't want to do this 835 times!
If I select multiple user folders and try and view the Security tab I can't - Permission cannot be displayed because they are different....
Is there a command line to accomplish this on all the sub folders?
Cheers,
Anthony.
July 30th, 2010 4:57pm
You can use the CACLS command to do this. Here is a copy of a batch file that will remove permissions, add back administrators, and add the user to their own directory... assuming the names match up with AD and the directory. It will at least
give u something to work from.
@echo off
set zLog=ResetHomePerms.log
cls
echo FIXHOME.BAT
echo This script will reset permissions for all subdirectories
echo in this folder. It is assumed that the subdirectories
echo are named the same as their respective username.
echo.
choice /C YN /M "Are you sure you want to proceed?"
if errorlevel 2 GOTO :Exit
if errorlevel 1 GOTO :MAIN
:MAIN
if exist %zLog% del %zlog% >NUL
choice /C CF /M "Do you want users to have (C)hange or (F)ull control permissions?"
if errorlevel 2 GOTO ResetF
if errorlevel 1 GOTO ResetC
:RESETF
echo Granting users FULL permissions
echo.
REM echo Granting users FULL permissions >>%zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && echo y|cacls "%%i" /T /g Administrators:F >NUL && cacls "%%i" /T /e /g "%userdomain%\%%i":F >>%zLog% && echo **********User_NTFS_Set>>%Zlog%
REM rem out or modify the following line if you do not want to give Domain Admins Full control
rem for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\Domain Admins":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
goto :CLOSE
:RESETC
echo Granting users CHANGE permissions
echo.
REM echo Granting users CHANGE permissions >>%zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && echo y|cacls "%%i" /T /g Administrators:F >NUL && cacls "%%i" /T /e /g "%userdomain%\%%i":C >>%zLog% && echo **********User_NTFS_Set>>%Zlog%
REM rem out or modify the following line if you do not want to give Domain Admins Full control
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\All_Staff":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\Domain Admins":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\HelpDesk":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
goto :CLOSE
:CLOSE
echo. >>%zLog%
date /t >>%zlog% && time /t >>%zLog%
echo.
echo See %zlog% for details
set zLog=
set zLogError=
:EXIT
Free Windows Admin Tool Kit Click here and download it now
July 30th, 2010 5:21pm