none
Script to change permissions of sub folders with the same name

    Question

  • I have a parent folder call Projects, under that I have over 400 folders with a separate folder name (eg. Project1, Project2, etc). Under each Project folder there is a standard folder called Management, that should have restricted access but they don't. I would like to change the permissions for this Management subfolder only, within all the projects (same permissions). If anyone has an idea on how to do this it would really be appreciated, thanks.
    Friday, November 23, 2012 4:26 AM

Answers

  • Hi, I finally got it working with a bit of help, this is the command:

    for /f %i in ('dir /b /s e:\test\*a*') do icacls %i /grant "management":(OI)(CI)F /inheritance:r

    The dir command had to be tweaked a bit.

    Thanks again for your help.

    Scott.

    I edited that code twice and added the /b.  I see it is still missing.  This forum software makes me crazy.  It loses cahnges and loses whoile thread.  All of the time a 'Submit' throws and error.  Th3e second submit always works but may not actually do the update even if it shows on teh screen as updates.


    ¯\_(ツ)_/¯

    • Marked as answer by Scott_za Monday, November 26, 2012 1:04 AM
    Monday, November 26, 2012 1:03 AM
  • Thanks jrv, the difficult part is using icacls to then apply certain persmissions (eg, domain.local\domain admins and domain.local\management) to these 400+ Management folders only. This is what I find difficult to script, as it would need to do some sort of check, then apply based on those folders.


    If you do not know how to manage permissions then I recommend posting in the platform forum for your OS.  ICACLS is not a script but isa commandline utility.

    You can enumerate teh folders and pass them to ICACLS.  Createing the ICACLS statement you want is beyond the scope of this forum.

    Start by typing ICACLS /?.  Test your statement on a single folder until you get it right.  Post to platform forum with questions about ICACLS.

    How you would do what you ask depends entirely on how the folders are set and what permisions have been added or propagated and the exact nature of the result you want.

    Again - beyond the enumeration of the folders this is not a scripting issue.

    You can use the FOR statement to enumerate the folder to the ICACLS statement:

    FOR /? - see the examples.

    You can post back here with questions about the enumeration.

    for /f  %i in ('dir e:\Projects*Management* /s /ad') do @echo %i

    Replace the @echo %i with your ICACLS statement.  Use %%i if this is run in a batch file.


    ¯\_(ツ)_/¯

    Friday, November 23, 2012 6:07 AM
  • I worked it out:

    FOR /f "tokens=*" %i in ('DIR /a:d /b /s management*') DO icacls "%i" ....etc

    Thanks.

    • Marked as answer by Scott_za Monday, November 26, 2012 2:08 AM
    Monday, November 26, 2012 2:08 AM

All replies

  • Use iCacls. (ICACLS -?)

    This will giveyou a list of all folders with maintenance in th ename.

    dir e:\Projects*Management* /s /ad


    ¯\_(ツ)_/¯

    Friday, November 23, 2012 5:47 AM
  • Thanks jrv, the difficult part is using icacls to then apply certain persmissions (eg, domain.local\domain admins and domain.local\management) to these 400+ Management folders only. This is what I find difficult to script, as it would need to do some sort of check, then apply based on those folders.


    • Edited by Scott_za Friday, November 23, 2012 5:53 AM
    Friday, November 23, 2012 5:52 AM
  • Thanks jrv, the difficult part is using icacls to then apply certain persmissions (eg, domain.local\domain admins and domain.local\management) to these 400+ Management folders only. This is what I find difficult to script, as it would need to do some sort of check, then apply based on those folders.


    If you do not know how to manage permissions then I recommend posting in the platform forum for your OS.  ICACLS is not a script but isa commandline utility.

    You can enumerate teh folders and pass them to ICACLS.  Createing the ICACLS statement you want is beyond the scope of this forum.

    Start by typing ICACLS /?.  Test your statement on a single folder until you get it right.  Post to platform forum with questions about ICACLS.

    How you would do what you ask depends entirely on how the folders are set and what permisions have been added or propagated and the exact nature of the result you want.

    Again - beyond the enumeration of the folders this is not a scripting issue.

    You can use the FOR statement to enumerate the folder to the ICACLS statement:

    FOR /? - see the examples.

    You can post back here with questions about the enumeration.

    for /f  %i in ('dir e:\Projects*Management* /s /ad') do @echo %i

    Replace the @echo %i with your ICACLS statement.  Use %%i if this is run in a batch file.


    ¯\_(ツ)_/¯

    Friday, November 23, 2012 6:07 AM
  • Ok this is my icacls statement, I tested it and it works on a single folder: C:\>icacls "e:\1" /grant "management":(OI)(CI)F /inheritance:r

    This removes all permissions and adds the Management AD group to the 1 folder. Can you please help finish the command off, and add the icacls staement but change it so that it applies it to the output of the dir e:\project..etc command and not just a single folder as I've done? I can't quite work out how to fit them together.



    • Edited by Scott_za Friday, November 23, 2012 6:32 AM
    Friday, November 23, 2012 6:30 AM
  • Change  "e:\1" to "%i"

    I recommend that you test this wher eit will not cause issues.  You will need to understand what you are doing.  I cannot guarantee that anything you do will actually work as you expect becuse I cannot see your system.

    Be sure you have a full backup of everything that may be affected by altering the permisisons. Assume the worst case scenario.


    ¯\_(ツ)_/¯


    • Edited by jrv Friday, November 23, 2012 6:46 AM
    Friday, November 23, 2012 6:44 AM
  • I tested it with the full command and it failed with file not found, perhaps you're able to work out what I'm going wrong. I have a parent folder called e:\test, sub folders called 1 and 2, and within each sub folder, folders called a and b. I tried to find all folders with a, then apply the icacls statement. I think I'm close, just need a final tweak :)

    C:\>for /f  %i in ('dir e:\test*a* /s /ad') do icacls %i /grant "management":(OI)(CI)F /inheritance:r
    File Not Found

    C:\>icacls %i /grant "management":(OI)(CI)F /inheritance:r
    %i: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    C:\>icacls %i /grant "management":(OI)(CI)F /inheritance:r
    %i: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    The @echo command also returns nothing, so I think that's where the problem lies. There is definitely a folder e:\test, with 1 and 2 in there, and a and b in each one.

    C:\>for /f  %i in ('dir e:\Test*a* /s /ad') do @echo %i
    File Not Found

    Volume

    Volume


    C:\>



    • Edited by Scott_za Friday, November 23, 2012 7:53 AM
    Friday, November 23, 2012 6:53 AM
  • You have the command but you are running it incorrectly.

    You need to replace teh rtem,plate with your ownfolder names.

    The ICACLS test you are running shows you do not understand WIndows batch files.  I recommend that you get the basics so you can understand what I posted.

    for /f  %i in ('dir e:\Test*a* /s /ad') do @echo %i
    File Not Found

    Is your folder named e:\test*a* ?   I don't think so.


    ¯\_(ツ)_/¯

    Friday, November 23, 2012 8:43 AM
  • I have actually run the correct command since, see below, and the icacls tries to run the command at each part of the dir command, eg. icacls Volume...icacls Directory, so again it's not quite right. At the risk of annoying you even more, I really need help to get this working as it's a top priority for my manager as users can access this folder where it should be restricted so Please if you could help me get this right I would really appreciate it. Everyone has their strengths in IT, scripting with variables isn't one of mine.

    E:\>for /f %i in ('dir e:\test\*a* /s /ad') do icacls %i /grant "management":(OI)(CI)F /inheritance:r

    E:\>icacls Volume /grant "management":(OI)(CI)F /inheritance:r
    Volume: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls Volume /grant "management":(OI)(CI)F /inheritance:r
    Volume: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls Directory /grant "management":(OI)(CI)F /inheritance:r
    Directory: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls 23/11/2012 /grant "management":(OI)(CI)F /inheritance:r
    23/11/2012: The system cannot find the path specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls 0 /grant "management":(OI)(CI)F /inheritance:r
    0: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls Directory /grant "management":(OI)(CI)F /inheritance:r
    Directory: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls 23/11/2012 /grant "management":(OI)(CI)F /inheritance:r
    23/11/2012: The system cannot find the path specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls 0 /grant "management":(OI)(CI)F /inheritance:r
    0: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls Total /grant "management":(OI)(CI)F /inheritance:r
    Total: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls 0 /grant "management":(OI)(CI)F /inheritance:r
    0: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>icacls 2 /grant "management":(OI)(CI)F /inheritance:r
    2: The system cannot find the file specified.
    Successfully processed 0 files; Failed processing 1 files

    E:\>


    Monday, November 26, 2012 12:30 AM
  • Hi, I finally got it working with a bit of help, this is the command:

    for /f %i in ('dir /b /s e:\test\*a*') do icacls %i /grant "management":(OI)(CI)F /inheritance:r

    The dir command had to be tweaked a bit.

    Thanks again for your help.

    Scott.

    Monday, November 26, 2012 12:49 AM
  • Hi, I finally got it working with a bit of help, this is the command:

    for /f %i in ('dir /b /s e:\test\*a*') do icacls %i /grant "management":(OI)(CI)F /inheritance:r

    The dir command had to be tweaked a bit.

    Thanks again for your help.

    Scott.

    I edited that code twice and added the /b.  I see it is still missing.  This forum software makes me crazy.  It loses cahnges and loses whoile thread.  All of the time a 'Submit' throws and error.  Th3e second submit always works but may not actually do the update even if it shows on teh screen as updates.


    ¯\_(ツ)_/¯

    • Marked as answer by Scott_za Monday, November 26, 2012 1:04 AM
    Monday, November 26, 2012 1:03 AM
  • New issue.....the command still works, but I tried to run just the for command, for /F %i in ('dir  /b /s  z:\*management*') do echo %i, and although it does present the results, they folder names only show the first bit until there's a space, EG. The sub folder is called 2012 Admin Mine, but the dir command only shows z:\projects\2012 - and leaves out the rest of the path (should be z:\projects\2012 Admin Mine\Management.....any ideas? This will be the last one!

    • Edited by Scott_za Monday, November 26, 2012 1:22 AM
    Monday, November 26, 2012 1:04 AM
  • I worked it out:

    FOR /f "tokens=*" %i in ('DIR /a:d /b /s management*') DO icacls "%i" ....etc

    Thanks.

    • Marked as answer by Scott_za Monday, November 26, 2012 2:08 AM
    Monday, November 26, 2012 2:08 AM