One of the schools i work at is having a lot of problems with their user drive permissions. Something/Someone has removed a lot of the permissions and we need to re-add them to what they should be.

The directories are set up in the hierarchy:

Students (Shared)
>2007 (year of graduation)

The permissions we want to set are as follows:

Students Directory
Administrator (Full)
System (Full)
Staff (Read)
Students (Read, This Folder Only)

Yeargroup Directory
Administrator (Full, Inherited)
System (Full, Inherited)
Staff (Read, Inherited)
Year Group (Read, This Folder Only)

Individual Student's Directory
Administrator (Full, Inherited)
System (Full, Inherited)
Staff (Read, Inherited)
Student (Modify, Owner)

We can easily set the permissions for the student and yeargroup directories, but if we try to then reset the student directories to inherit the permissions, it will clear everything, leaving us to have to individually re-add the individual student's permissions to their own directories, and then re-make them owner.

There is an existing script that uses cacls and subinacl to change the permissions, however it just comes up with "access denied" errors. The existing script is as follows:

for /F %%i IN ('dir /b /ad /od') DO call :process %%i
echo y|"C:\windows\system32\cacls" Q:\Students\EduUsers\2008\%1 /T /e /g %1:f 
"C:\Program Files\Windows Resource Kits\Tools\\subinacl" /subdirectories Q:\Students\EduUsers\2008\%1 /setowner=%1
Just wanting to seek either what we need to do to get this batch file working, or another alternative that can reset the permissions for us.