Posts Tagged Permissions
If your company’s share folders are anything like most companies I’ve worked for, the folder permissions are in disarray. I’m currently working on a project to fix access to these shares and also set up ABE (more about this in a future blog). There are not many free tools for setting NTFS permissions and if you change folder permissions with several folders deep across a WAN, it could take hours and hang the session (even pegging the processor at 100% in the process). You could write a script, but setting permissions with something like VB script is complicated. So, what’s the solution? I used a combination of shell scripting and a tool from the resource kit, xcacls.vbs. This is not to be confused with xcacls.exe which came with the 2000 resource kit. The executable version does not work well with Windows Server 2003 — it adds the ACEs in an incorrect order. Microsoft now recommends using xcacls.vbs instead. Here is the script that I wrote to standardize the user’s root home directory across about a hundred servers.
@echo off REM define the input file REM (This is a text file with a line delimited list of machine names.) REM Add to command line parameter. Example: changeperms.cmd inputlist.txt set sharelist=%1
:MAIN REM This is the part of the script that will perform the looping for /f "tokens=*" %%i in (%sharelist%) do @set share=%%i&& call :UPDATE REM This will end the script and keep it from re-looping the last line Goto :EOF
:UPDATE Echo Updating %SHARE% REM This is the core of the script that sets permissions REM XCACLS.vbs can be found in the Server 2003 Resource Kit xcacls.vbs "%Share%" /P Everyone:L BUILTIN\Administrators:F /I Remove /L Logfile.txt REM Loop to next computer in list GOTO :EOF
To download XCACLS.vbs and to acquire syntax help. Go here.