Theres a few posts about this. See my post at the end of this thread:
Home Area Permissions
Ok, we have around 100 pupils on our network with a home directory for each user under the home$ share :
THe permissions are wrong on the majority of these folders and I need to reset them so that the administrator has full control, the teachers group has RW and the actual pupil has RW.
Has anyone got a script that will reset these permissions for me automatically, Its easy enough to add a specific group, but I am struggling to go through the whole structure with a script and set the permission for the specific pupil for their specific home folder.
Please help !
Thanks, I did look at this but wasn't quite sure if it would do what I required:
for /D %%i in (*) do ( subinacl /file %%i /grant=yourdomain\%%i=C "/grant=yourdomain\domain admins=f" /grant=yourdomain\AreaViewer=c /setowner=yourdomain\%%i
subinacl /subdirectories %%i\* /grant=yourdomain\%%i=f "/grant=yourdomain\domain admins=f" /grant=yourdomain\AreaViewer=r /setowner=yourdomain\%%i )
I presume you run this from the c:\home folder (or whichever folder is the root of your home drives) and then it runs through all the subfolders setting the permissions according to the name of the sub folder, i.e. fred gets permission over the fred folder, bill gets permission over the bill folder etc, is that correct?
P.S. Whats the AreaViewer part?
Before you do this, can I query giving teachers RW on pupil folders. At Primary level, it's rarely a problem.
At secondary level you need to be very wary. Exam boards take a dim view of teachers being able to modify students' course work. "We'd never do that" isn't an exceptable excuse to them.
Hi, yes it's just a primary school.
I think the area view is a account that has perms to view all pupils areas, you would most likley want to add teachers that needed view access to pupils folders.
Thanks all, I used the script above and it worked a dream.
Sorry been busy today. Areaviewer was the group someone else was asking about when I wrote the example. In my case it would be teachers and read only.
The one on the wiki was originally written by me but the subinacl one works a lot better.
Last edited by ChrisH; 27th March 2008 at 06:17 PM.
@ elsiegee40:Do they? I didn't know that, i thought RM networks allowed this level of access to staff. Do exam boards provide this info in a policy?Exam boards take a dim view of teachers being able to modify students' course work
Also worth checking out... a great little app called Active User Manager. Used to cost - but now free from Mikey Magic's Web Site - Active User Manager for Windows 2000 & 2003 Active Directory (AD). We use it for managing the whole user list for AD.
Some handy features including reset permissions. More info on their site.
There are currently 1 users browsing this thread. (0 members and 1 guests)