Mass Changing Home Folder Permissions

[Grommit]

Hi

Is there a way to change permissions en mass for Home Folder..

I need to delete a default (Administrator Group) and also change the users permission settings untick full control, untick Take Ownership and Untick Change Permissions on each folder

Any Idea ?

[3s-gtech]

Yes - give Wisesoft ntfsfix a go; it's ace, and free.

[GAS]

Hi Grommit,
If I understand your question correctly you require changing this permission on student home folders??
If they are on same folder make batch file as below (please edit before you do) and run cmd as administrator go to folder then run.
Hope this help.

for /f %%n in ('dir /ad /b') do cacls %%n /t /e /g %%n:c "Domain Admins":F "System":F "Administrator":F "Manage Student Data":C "Read Student Data":R

[mrbios]

I use setACL.exe for this along with batch files such as:
C:\setACL.exe -on H:\HOMEPATH\HOMEFOLDER -ot file -actn ace -ace "nOMAIN\STUDENTUSER;p:full" -ace "nOMAIN\DOMAINADMINS;p:full" -ace "nOMAIN\ITADMINS;p:full" -rec cont_obj -actn setprot -op "dacl_c;sacl_c" -actn trustee -trst n1OMAIN\STUDENTGROUP;ta:remtrst;w:dacl,sacl

Create a big batch file like that with 1 line per user and home folder (easily generated in excel using concatenate)

The exact permissions i have on home folders are: domain admins, individual student, IT Teachers group (they dip in to home folders on occasion) and i can't remember what i'm doing with the students group on there but im sure i had a reason, i think it's setting ownership but that might not be required in most cases as i think i did it for something that was annoying me.... lol EDIT: oh i also have account operators group but i'm unsure why i haven't set that in the setACL path, may be something i have inherited from above.

EDIT: omfg the smiles have attacked here's the same thing in code brackets:

Code:

C:\setACL.exe -on H:\HOMEPATH\HOMEFOLDER -ot file -actn ace -ace "n:DOMAIN\STUDENTUSER;p:full" -ace "n:DOMAIN\DOMAINADMINS;p:full" -ace "n:DOMAIN\ITADMINS;p:full" -rec cont_obj -actn setprot -op "dacl:p_c;sacl:p_c" -actn trustee -trst n1:DOMAIN\STUDENTGROUP;ta:remtrst;w:dacl,sacl

[Michael]

Have a look at Autoshare.

[jinnantonnixx]

I've had success with ICACLS with the "/reset /c /t" options. As long as you top level folder security is sensible, it will percolate through the lower levels resetting the inherited permissions for the profiles. This has got me out of a sticky situation with Windows 7's .V2 folders.