Announcement

Collapse
No announcement yet.

Reassigning permissions on File server via script

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Reassigning permissions on File server via script

    I have inherited a server, with ~800 user's home directories. Everyone has FULL access to everyone else's home directory.

    I am looking for a script (possible ACL) that will allow me to REMOVE everyone full acess and assign full access to only the user who's ID matches that folder name. I would also like to give Administrators permssions to browse the folders.

    I need a script that can to 800 of these instead of having to do this manually. I would appreciate any help. Have a great day! Thanks, Jessica

  • #2
    Re: Reassigning permissions on File server via script

    You can sort some things out with xcalcs

    also see for some info here:
    http://www.experts-exchange.com/Secu..._21019361.html
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Reassigning permissions on File server via script

      I was hoping for a script that I could modify to fit servernames and usernames in my environment and of course...a free solution!

      Comment


      • #4
        Re: Reassigning permissions on File server via script

        heres a vb script i wrote that'll do it


        Set FSO = CreateObject("Scripting.FileSystemObject")
        set WshShell = WScript.CreateObject("WScript.Shell")
        quotes = """"

        set FolderLocation = fso.getfolder("Folder Location Here")
        DomainName = "Your Domain Name Here"
        for each folder in folderlocation.subfolders
        wshshell.run "C:\windows\system32\cmd.exe /c echo Y|cacls.exe " & folderlocation & "\" & folder.name & " /g " & domainname & quotes & "\Domain Admins" & quotes & ":F"
        wshshell.run "C:\windows\system32\cmd.exe /c echo Y|cacls.exe " & folderlocation & "\" & folder.name & " /E /g " & domainname & "\" & folder.name & ":F"

        next
        MCSE 2000\2003, A+
        00000001-00000011-00000011-00000111

        Comment


        • #5
          Re: Reassigning permissions on File server via script

          OK...this is the one I wrote using xcacls. Thanks for the point in the right direction. It took forever, but it works.

          xcacls directoryname /G domainname\user_account_id:F;F /E

          The /G gives rights to whatever user you specify
          The :F determines what level of access they have on the current folder
          The ;F determines what level of access they will have going foward.
          The /E (Very important), appends to the EXISTING rights.

          There is also a /R switch that will remove these rights. Read about xcalcs. A bit cryptic at first, but great to do this!

          For doing 800 of them, I piped a DIR on my user list to a text file, did a "Find and Replace" in Word and then did a Word mail merge to change all of my user ids to 800 I exported.

          I then renamed the Word doc to .bat and ran it on the server in the directory where xcacls was.

          I'm quite sure there is a more simple way to run the command, changing in and out user ids through a process, but I don't know how or I would have! So, instead, I have the 800 line .bat file that...WORKS!!!

          Comment


          • #6
            Re: Reassigning permissions on File server via script

            This one-liner works too

            Code:
            for /d %i in (*) do @xcacls %i /C /G %userdomain%\%i:F;F /Y & xcacls %i /E /C /G %userdomain%\Administrator:F;F
            (should be executed in the directory in which the user directories reside.)
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment

            Working...
            X