Hi, We have a root folder F:\Users Below this there are 835 user folders. These all inherit permissions from the parent folder. Thay each also have the user account added with Full permissions. I need to stop all 835 folders from inheriting permissions from the F:\Users parent folder. I also need each user folder to retain their current permissions. I can right click a folder - Properties - Security - Advanced - clear the Allow Inheritable Permissions check box - select Copy and I get the required result. I don't want to do this 835 times! If I select multiple user folders and try and view the Security tab I can't - Permission cannot be displayed because they are different.... Is there a command line to accomplish this on all the sub folders? Cheers, Anthony.

You can use the CACLS command to do this. Here is a copy of a batch file that will remove permissions, add back administrators, and add the user to their own directory... assuming the names match up with AD and the directory. It will at least give u something to work from. @echo off set zLog=ResetHomePerms.log cls echo FIXHOME.BAT echo This script will reset permissions for all subdirectories echo in this folder. It is assumed that the subdirectories echo are named the same as their respective username. echo. choice /C YN /M "Are you sure you want to proceed?" if errorlevel 2 GOTO :Exit if errorlevel 1 GOTO :MAIN :MAIN if exist %zLog% del %zlog% >NUL choice /C CF /M "Do you want users to have (C)hange or (F)ull control permissions?" if errorlevel 2 GOTO ResetF if errorlevel 1 GOTO ResetC :RESETF echo Granting users FULL permissions echo. REM echo Granting users FULL permissions >>%zlog% for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && echo y|cacls "%%i" /T /g Administrators:F >NUL && cacls "%%i" /T /e /g "%userdomain%\%%i":F >>%zLog% && echo **********User_NTFS_Set>>%Zlog% REM rem out or modify the following line if you do not want to give Domain Admins Full control rem for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\Domain Admins":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog% goto :CLOSE :RESETC echo Granting users CHANGE permissions echo. REM echo Granting users CHANGE permissions >>%zlog% for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && echo y|cacls "%%i" /T /g Administrators:F >NUL && cacls "%%i" /T /e /g "%userdomain%\%%i":C >>%zLog% && echo **********User_NTFS_Set>>%Zlog% REM rem out or modify the following line if you do not want to give Domain Admins Full control for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\All_Staff":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog% for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\Domain Admins":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog% for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\HelpDesk":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog% goto :CLOSE :CLOSE echo. >>%zLog% date /t >>%zlog% && time /t >>%zLog% echo. echo See %zlog% for details set zLog= set zLogError= :EXIT