Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NTFS file system troubles kudos to answerman! 1

Status
Not open for further replies.
weezy6902

weezy6902

IS-IT--Management
Jun 2, 2003
46
US
Greetings,
I have a problem with a home directory difficulty. The current file system is set to have administrators fukll rights, domain users full rights and each user is the owner of their home directory. I want to change this as it allows each user to take control and omit the administrators from directories in their home directory thus limiting the admin from being able to administrate the store.

Does anyone know how to turn on "inherit" on a whole list of directories instead of just doing it one at a time?

What im doing now is going through them one at a time and granting ownership then checking inheret on affected files/folders within their directory. VERY TIME CONSUMING

Security explorer offers this but at 460 per sercver license thats a little steep as i may have 17 servers to do and over 3000 home directories!

SUPOER DUPER kudos to anyone with the answer on this one!!!

Thanks,
Ben
 
Sort by date Sort by votes
Yes, all you have to do is set it at the parent level and then choose Advanced and click the box
"Replace permission entries for all child objects with entries shown here that apply to child objects"

That will do what you ask but not accomplish your goal as it will remove the individual users rights unless you want all users to have the smae rights to all other users folders which I doubt is your intention.

The solution you seek is to script this. You will want to enumerate each folder and then using XCACLS set the needed permissions to give each user MODIFY rights to their folder and give Admin FULL rights.

I just wrote this and have not tested this script but this should do it for you.

Code: 
'==========================================================================
'
' NAME: ResetNTFSUserPerms.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.TheSpidersParlor.com[/URL]
' COPYWRITE (c) 2005 All Rights Reserved
' DATE  : 1/6/2006
'
' COMMENT: 
'
'==========================================================================
Dim objFSO, oShell, oFolder, colSubfolders, oSubFolder, sXPath, sFolder

sXpath =  "\\server\util\xcacls.exe"
sDrive = "E:\UserShares\"
Set objFSO = createobject("Scripting.FileSystemObject")
Set oShell = Wscript.CreateObject("Wscript.Shell")
Set oFolder = objFSO.GetFolder(sDrive)
Set colSubfolders = oFolder.Subfolders

For Each oSubfolder in colSubfolders
	sFolder = oFso.GetFolder(oSubfolder).ShortPath & " "
   	oShell.Run "cmd /C " & sXpath & " "& sFolder & " " & " /E /G "&Chr(34)& "Domain Admins" &Chr(34)& ":F" 
   	oShell.Run "cmd /C " & sXpath & " "& sFolder & " " & " /E /G " & oSubfolder.Name & ":RCXEWD"
Next


I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Great, thanks for the response! I have not tried this but your post describes my exact needs. I will be playing with this today!

Thanks alot!

Ben
 
Upvote 0 Downvote
Im trying this but not getting positive results. it seems to be going through the directory structure but not changing anything. Does this script read whos already at the home directory perms and modify then apply down the tree as well as turn on inherit? Its not doing anything for me yet. I am tryingit on a few directories on my box just for now...

Any other info would be helpful as i am no expert in this area. I know its the right idea though for sure!

Ben
 
Upvote 0 Downvote
The script assumes that the directory name matches the user name. You may need to tweak for your environment.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
i have it working somewhat... I cant seem to get the perms to apply down the tree into all the directories within each home directory. Maybe just a switch i need to find or something. thanks for all your help so far!!

ben
 
Upvote 0 Downvote
You will propbably need to script to enumerate the subs and set the permissions.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
OK sorry to bring this one back from the dead but i got the script configured to apply the rights i want but after doing this it works fine....except... I get a "permissions incorrectly ordered" dialog when i go to security on any of the folders. Is this benign? When i verify the acls on a directory everything looks kosher. i just get this pop up asking me to let windows sort the permissions or hit cancel to reset the permissions...

Thanks,

Ben
 
Upvote 0 Downvote
You can avoid that wrror by first manually adding all the permissions you want to a sample directory. You can then see the order that it applies them in the permissions list. Duplicate that order in the script to avoid the error message. AS you have discovered, the permissions are correctly applied, so I do believe it is safe to ignore.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
i do find this post helpful. Just dealin with alot of directories here hahah

Thanks again for your help,


Ben
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
722
microsGuy16
microsGuy16
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
605
DTGMI
DTGMI
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
374
hairlessupportmonkey
hairlessupportmonkey
DrB0b
  • Locked
  • Question
HyperV trying to do extended replica to external HDD
Replies
0
Views
253
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
816
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top