Posts Tagged NTFS

If your company’s share folders are anything like most companies I’ve worked for, the folder permissions are in disarray. I’m currently working on a project to fix access to these shares and also set up ABE (more about this in a future blog). There are not many free tools for setting NTFS permissions and if you change folder permissions with several folders deep across a WAN, it could take hours and hang the session (even pegging the processor at 100% in the process). You could write a script, but setting permissions with something like VB script is complicated. So, what’s the solution? I used a combination of shell scripting and a tool from the resource kit, xcacls.vbs. This is not to be confused with xcacls.exe which came with the 2000 resource kit. The executable version does not work well with Windows Server 2003 — it adds the ACEs in an incorrect order. Microsoft now recommends using xcacls.vbs instead. Here is the script that I wrote to standardize the user’s root home directory across about a hundred servers.

@echo off
REM define the input file
REM (This is a text file with a line delimited list of machine names.)
REM Add to command line parameter. Example: changeperms.cmd inputlist.txt
set sharelist=%1

:MAIN
REM This is the part of the script that will perform the looping
for /f "tokens=*" %%i in (%sharelist%) do @set share=%%i&& call :UPDATE
REM This will end the script and keep it from re-looping the last line
Goto :EOF

:UPDATE
Echo Updating %SHARE%
REM This is the core of the script that sets permissions
REM XCACLS.vbs can be found in the Server 2003 Resource Kit
xcacls.vbs "%Share%" /P Everyone:L BUILTIN\Administrators:F /I Remove /L Logfile.txt
REM Loop to next computer in list
GOTO :EOF

To download XCACLS.vbs and to acquire syntax help. Go here.