+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 33
Windows Server 2000/2003 Thread, NTFS Bulk Permissions Help! in Technical; Hey I can see loads of references to this but can't get my head around any of them - I ...
  1. #1
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13

    NTFS Bulk Permissions Help!

    Hey

    I can see loads of references to this but can't get my head around any of them - I have folders containing student home directories and I need them to have permissions to access them

    The folders are stored in "E:\Users\Students\Work\Intake08" (or Intake07 etc) on one of my servers
    The folder and user logon name are the same (e.g. 07smitha) and the share names are username$ and everyone has full access to the share

    I've seen so many scripts today that my head is aching - can someone please provide a script that will scan the directory for me and allocate permissions or walk through their one with me so I can customise it to my needs?

    Thanks

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    Have a look at Autoshare. Very easy to use and free.

  3. Thanks to Michael from:

    pnlrogue1 (18th August 2009)

  4. #3

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    Not sure exactly what you're trying to achieve so let's start with the basics - apologies if it's too basic :-)

    The permissions that a user sees are made up from 2 parts - the permissions set on the share (you've said it's full control on all of them) and the NTFS permissions on the actual folder/files.

    The result is the most restrictive of the two - eg if either of them is "read/only" then that's all you can do. Given this, I like to make the shares full permission and focus on getting the folder permissions right.

    The cacls command is part of Windows and you can use it like this:
    Code:
    cacls E:\Users\Students\Work\Intake07\07smitha /e /t /g 07smitha:c
    This says, take the folder e:\users etc and edit the existing perms (/e) Do this to the whole tree (/t - ie everything under this folder) and grant (/g) change permission to user 07smitha (change permission means read, write, delete - basically, everything but change permissions - in general you don't want your users changing the permissions)

    If the permissions on e:\users\students\work are set right (I would normally have administrators - full; system - full) then this is good.

    so, how do you do all the folders in intake07 in 1 go? this is where simple batch commands come in. If you type:
    Code:
    E:
    cd \Users\Students\Work\Intake07\ 
    for /d %i in (*) do echo %i
    then you'll see a list of folders flash by - the for command is saying do "something" multiple times. The /d says "only match directories". The %i is a variable - basically, you're going to look at every folder (* means match every folder; try using s* and see what happens) and put it's name in %i and then the "do" bit says what you want it to do - in this case echo (show on screen) its value

    Well, that's pretty but no use. To make it do something "real" you change that echo to something meaningful:
    Code:
    E:
    cd \Users\Students\Work\Intake07\ 
    for /d %i in (*) do cacls %i /e /t /g %i:c
    this will give you a series of commands and because your username matches the folder name it will work - eg you'll get
    Code:
    cacls aardvark /e /t /g aardvark:c
    cacls buffalo /e /t /g buffalo:c
    cacls cheetah /e /t /g cheetah:c
    and so on.

    I hope that get's you started - shout if it doesn't help or is going completely the wrong way!

  5. 3 Thanks to srochford:

    joe90bass (25th March 2011), pnlrogue1 (18th August 2009), projector1 (18th August 2009)

  6. #4

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,067
    Thank Post
    209
    Thanked 430 Times in 310 Posts
    Rep Power
    144
    Active Directory will do this for you, I don't know why a lot of people don't take advantage of the fact that it's all geared up to do it providing you set it up correctly. Why make this simple task any harder than it has to be?

    What you need to do is share the root of the student home directories, and map the home folders through the one share instead of having individual shares for each user. It does work and is a perfectly acceptable, safe and reliable method of providing home folders.

    The way we do it is as follows;

    We have a share called Folders on our storage server which is shared as folders$ on the server.
    Each year group has a sub folder in this
    The users home folders are sub folders of the relevant year group.

    The important thing before you do anything else is to turn off inheritance of permissions and set the students group on your network to have read only access for this folder only otherwise the home folders will inherit the permissions, and you end up in the nightmare scenario where students can read each others home folders. Set the permissions properly at this stage and there's no worries security wise. Also add any other groups you want to have access to the student folders and set the permissions accordingly. It's easier to do this now, as once you have a load of folders and data in them it takes a while to change NTFS permissions.

    You don't even need to give students full read permissions, you can get away with Read Attributes, Read Extended Attributes and Read Permissions at this point, it will stop students being able to browse the root folder, but it still lets them access folders further up the tree that they have correct permissions for. Word of caution, if you use offline files, users will require full read access to the root of the share or syncronisation won't work.

    Incidently on the sharing tab, make sure that everyone is granted full permissions. The NTFS permissions you set on the security tab will keep everyone out of places they shouldn't be, you can pretty much dis-regard the actual sharing permissions.

    You can get active directory to create and set permissions on all the home folders for your users in one go by selecting them all at once, RH clicking and going to properties. Tick the box for connect home folder to, and select the drive letter you want to use, then type the correct UNC path using %username% on the end. e.g. \\SERVER\FOLDERS$\YEAR07\%username% Windows will then create all the folders for you, and set the permissions on them as well in about 5 seconds flat, Job done.

    It works, and in my opinion it's a whole lot easier than using scripts or 3rd party applications and what's more once you've got it working, any new users you setup will automatically get their home folder created for them and the permissions set.

    If I remember rightly, this is Microsoft's recommended method of assigning home folders to users on Server 2000 and 2003 which is why it works so well.

    I hope that's of some help,

    Mike.

    edit: sorry if that sounds like a rant, but why use scripts when it's all there built into windows already?
    Last edited by maniac; 17th August 2009 at 11:44 PM.

  7. #5
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13

    Tried that already

    Quote Originally Posted by maniac View Post
    What you need to do is share the root of the student home directories, and map the home folders through the one share instead of having individual shares for each user. It does work and is a perfectly acceptable, safe and reliable method of providing home folders.
    I've tried to do it that way and our AD just won't set the permissions (we're coming away from an RM system so the AD is a huge mess). All it says is 'you will need to check the permissions yourself' which isn't overly helpful!

  8. #6

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,785
    Thank Post
    3,291
    Thanked 1,054 Times in 975 Posts
    Rep Power
    365
    wisesoft has a bulk NTFS permissions app - not sure if that helps or not but worth a look

    Registration is free and then you can download all the apps including the NTFS perms one.

    WiseSoft - Resources for IT Professionals

    http://wisesoft.co.uk/software/ntfsfix/default.aspx

  9. Thanks to mac_shinobi from:

    pnlrogue1 (18th August 2009)

  10. #7
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13

    Brilliant!

    Quote Originally Posted by srochford View Post
    Well, that's pretty but no use. To make it do something "real" you change that echo to something meaningful:
    Code:
    E:
    cd \Users\Students\Work\Intake07\ 
    for /d %i in (*) do cacls %i /e /t /g %i:c
    this will give you a series of commands and because your username matches the folder name it will work - eg you'll get
    Absolutely perfect! That was exactly what I was looking for!

    I'm a pretty good programmer who can usually take what I'm given and make it work but I just don't speak DOS and can't get my head around it so that was brilliant!

    Thank you so much for that!

  11. #8
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13

    Saw them but...

    Quote Originally Posted by mac_shinobi View Post
    wisesoft has a bulk NTFS permissions app - not sure if that helps or not but worth a look

    Registration is free and then you can download all the apps including the NTFS perms one.

    WiseSoft - Resources for IT Professionals

    http://wisesoft.co.uk/software/ntfsfix/default.aspx
    I saw them when I was searching yesterday but their site was broken so I couldn't see what apps they had!

  12. #9

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,785
    Thank Post
    3,291
    Thanked 1,054 Times in 975 Posts
    Rep Power
    365
    Quote Originally Posted by pnlrogue1 View Post
    I saw them when I was searching yesterday but their site was broken so I couldn't see what apps they had!
    seems fine to me now - they have a password reset tool and a few others not to mention a whole wodge of scripts from vbscripts to power script examples afaik

    Very useful site along with Windows Server 2008, Exchange advice. Help solving computer problems. VBScript

  13. #10
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13
    Quote Originally Posted by mac_shinobi View Post
    seems fine to me now - they have a password reset tool and a few others not to mention a whole wodge of scripts from vbscripts to power script examples afaik
    I still can't get to the page maybe the site doesn't like Google Chrome!

  14. #11

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,785
    Thank Post
    3,291
    Thanked 1,054 Times in 975 Posts
    Rep Power
    365
    Quote Originally Posted by pnlrogue1 View Post
    I still can't get to the page maybe the site doesn't like Google Chrome!
    Try firefox or something else

    works fine for me here

  15. Thanks to mac_shinobi from:

    pnlrogue1 (18th August 2009)

  16. #12
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13
    Quote Originally Posted by mac_shinobi View Post
    Try firefox or something else

    works fine for me here
    Must be Chrome then - I'll have a look later in IE/FF and see

    Thanks!

  17. #13
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,203
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Incidently on the sharing tab, make sure that everyone is granted full permissions. The NTFS permissions you set on the security tab will keep everyone out of places they shouldn't be, you can pretty much dis-regard the actual sharing permissions.
    Just one word of warning here I haven't tested this for a while but when we gave students full 'Share' permissions they could take ownership of their home folders and change NTFS permissions thus locking out admins and the backup software. This became a bit of a pain as I would then have to change the permissions back. If you give Everyone or Authenticated Users 'Change' 'Share' permissions then they cannot modify NTFS permissions.

  18. Thanks to cookie_monster from:

    pnlrogue1 (18th August 2009)

  19. #14
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13
    Quote Originally Posted by cookie_monster View Post
    Just one word of warning here I haven't tested this for a while but when we gave students full 'Share' permissions they could take ownership of their home folders and change NTFS permissions thus locking out admins and the backup software. This became a bit of a pain as I would then have to change the permissions back. If you give Everyone or Authenticated Users 'Change' 'Share' permissions then they cannot modify NTFS permissions.
    Thankfully, our students aren't smart enough for that!

    To be honest, our NM is checking through permissions and has, I think, locked students out of the permissions tab somehow but I'll check and follow that up

    Thanks!

  20. #15
    pnlrogue1's Avatar
    Join Date
    Jul 2008
    Location
    Edinburgh, Scotland
    Posts
    72
    Thank Post
    37
    Thanked 5 Times in 3 Posts
    Rep Power
    13
    Quote Originally Posted by srochford View Post
    so, how do you do all the folders in intake07 in 1 go? this is where simple batch commands come in. If you type:
    Code:
    E:
    cd \Users\Students\Work\Intake07\ 
    for /d %i in (*) do echo %i
    then you'll see a list of folders flash by
    Weirdly, this doesn't work as a .bat or .cmd but if I copy and paste it in to command prompt, it works flawlessly

    I love my network...

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. SIMS NTFS Permissions?
    By techyphil in forum MIS Systems
    Replies: 29
    Last Post: 1st March 2010, 12:54 PM
  2. Script to change NTFS permissions
    By FN-GM in forum Scripts
    Replies: 7
    Last Post: 20th March 2009, 11:03 AM
  3. Help with NTFS permissions problem...
    By kennysarmy in forum Windows
    Replies: 5
    Last Post: 7th February 2008, 02:29 PM
  4. C: drive NTFS permissions?
    By cookie_monster in forum Windows
    Replies: 4
    Last Post: 6th February 2008, 08:24 AM
  5. Mass setting NTFS permissions
    By localzuk in forum Windows
    Replies: 7
    Last Post: 8th January 2007, 04:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •