No announcement yet.

Scripting for users home folder new subdirectory

  • Filter
  • Time
  • Show
Clear All
new posts

  • Scripting for users home folder new subdirectory

    We have an upcoming archiving project which will archive, stub and remove the contents of our users' home folders (U:\ drive). The is an option to exclude a private folder. I've been able to create a new folder in a users home folder which they cannot rename or remove but they have full control of the contents of the new private folder which will not be archived.

    The private folder permissions are set as follows:
    • No inheritance
    • Domain Admin = Allow Full Control
    • %username% = Deny everything except "List folder /read data", "Create files / write data", "Create folders / append data" and "Delete Subfodlers and files" (This folder only)
    • %username% = Allow Full Control (Subfolders and files only)

    I need to be able to replicate the creation of this private folder to all of our users and lock down the folder so that only the Domain Admins can remove or rename the folder from their U:\ drive. The users need to be able to store whatever they do not want archived in this folder.

    I'm new to scripting and could use some assistance. Can anyone offer any suggestions?

  • #2
    Re: Scripting for users home folder new subdirectory

    You don't have to be too heavy on scripting for this. Icacls.exe is an NTFS utility that can set quite granular permissions.

    That will allow you to set the permissions granularly on a specific folder. I would test and compose the correct command line for from the info on this page:

    Then I would use Excel to create a list of usernames and insert the usernames into the command line. Put the usernames in Column A then use a formula to insert them into the command string in Column B. Then I copy the contents of Column B into a batch file. You have to do a find/replace to replace the tabs with spaces on the batch file, but then you can use it to set the permissions.


    • #3
      Re: Scripting for users home folder new subdirectory

      A for loop might be easier.

      If you have your icalc syntax correct then something like this would work:

      :: Change the path to the location where your user folders are
      set _usersPath="D:\Users" 
      for /f %A in ('dir /b %_usersPath%') do (
        icacls %_usersPath%\%A\private [specify icacls options here]

      Network Consultant/Engineer
      Baltimore - Washington area and beyond