Remove inherited NTFS permissions on 835 sub folders.
-
2010年7月30日 13:57
Hi,
We have a root folder F:\Users
Below this there are 835 user folders.
These all inherit permissions from the parent folder.
Thay each also have the user account added with Full permissions.I need to stop all 835 folders from inheriting permissions from the F:\Users parent folder.
I also need each user folder to retain their current permissions.I can right click a folder - Properties - Security - Advanced - clear the Allow Inheritable Permissions check box - select Copy and I get the required result.
I don't want to do this 835 times!
If I select multiple user folders and try and view the Security tab I can't - Permission cannot be displayed because they are different....Is there a command line to accomplish this on all the sub folders?
Cheers,
Anthony.
すべての返信
-
2010年7月30日 14:21
You can use the CACLS command to do this. Here is a copy of a batch file that will remove permissions, add back administrators, and add the user to their own directory... assuming the names match up with AD and the directory. It will at least give u something to work from.
@echo off
set zLog=ResetHomePerms.log
cls
echo FIXHOME.BAT
echo This script will reset permissions for all subdirectories
echo in this folder. It is assumed that the subdirectories
echo are named the same as their respective username.
echo.
choice /C YN /M "Are you sure you want to proceed?"if errorlevel 2 GOTO :Exit
if errorlevel 1 GOTO :MAIN:MAIN
if exist %zLog% del %zlog% >NULchoice /C CF /M "Do you want users to have (C)hange or (F)ull control permissions?"
if errorlevel 2 GOTO ResetF
if errorlevel 1 GOTO ResetC:RESETF
echo Granting users FULL permissions
echo.
REM echo Granting users FULL permissions >>%zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && echo y|cacls "%%i" /T /g Administrators:F >NUL && cacls "%%i" /T /e /g "%userdomain%\%%i":F >>%zLog% && echo **********User_NTFS_Set>>%Zlog%
REM rem out or modify the following line if you do not want to give Domain Admins Full control
rem for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\Domain Admins":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
goto :CLOSE:RESETC
echo Granting users CHANGE permissions
echo.
REM echo Granting users CHANGE permissions >>%zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && echo y|cacls "%%i" /T /g Administrators:F >NUL && cacls "%%i" /T /e /g "%userdomain%\%%i":C >>%zLog% && echo **********User_NTFS_Set>>%Zlog%
REM rem out or modify the following line if you do not want to give Domain Admins Full control
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\All_Staff":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\Domain Admins":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
for /f "delims=:" %%i in ('dir /b /ad') do @echo %%i >>%zLog% && cacls "%%i" /T /e /g "%userdomain%\HelpDesk":F >>%zLog% && echo **********Admin_NTFS_Set>>%Zlog%
goto :CLOSE:CLOSE
echo. >>%zLog%
date /t >>%zlog% && time /t >>%zLog%
echo.
echo See %zlog% for detailsset zLog=
set zLogError=:EXIT
- 回答の候補に設定 Jason Sharp 2010年7月30日 17:47
- 回答としてマーク Karen Ji 2010年8月4日 3:15
-
2012年8月22日 17:26
Thanks, Just what I was looking for. We have a C:\Staff$\%username%. People are able to browse to other users directories if they are smart enough to type the $. When I remove Inherit Permissions from "Users" on one folder it does the trick. Going to try this tomorrow and see if it works in my situation.
2008 R2
-
2012年8月22日 17:41
Hi Justin
Jou can also use Scriptlogic Security Explorer
I think that trial will do the trick
Here is link for downolad
http://www.scriptlogic.com/products/security-explorer/
Best regards
Dubravko Marak
MCP
Blog: Windows Server Administration
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Please VOTE as HELPFUL if the post helps you. This can be beneficial to other community members reading the thread. -
2012年11月10日 3:48
Jason,
Could you please let me know how do run this batch file ?
I have hundred folders under a share folder d:\doceleves on a server where users create their home directory automaticaly after login.
The name of thoses folders have the name of the user.
I would like to give administrators Full right + User Full right too.
WHere do I right the batch file ? In d:\doceleves.
Please let me know.
It will very helpfull for me.
Merci
-
2012年11月10日 3:48
Jason,
Could you please let me know how do run this batch file ?
I have hundred folders under a share folder d:\doceleves on a server where users create their home directory automaticaly after login.
The name of thoses folders have the name of the user.
I would like to give administrators Full right + User Full right too.
WHere do I right the batch file ? In d:\doceleves.
Please let me know.
It will very helpfull for me.
Merci
-
2012年11月28日 18:04This batch file works great for user folders. But I was wondering if it was possible for it to be modified for profile folders as well?Specially profile folders with the .v2 for windows 7 profiles.
.png)
