How To Automate Folder Permissions

ID: Q180464


The information in this article applies to:


SUMMARY

It is sometimes necessary to assign permissions to a folder so that a particular User and the Administrators group can administer it, as in the case of Users Home Directories.


RESOLUTION

Using the following 3 files (Addperm.cmd, Addperm2.cmd, and Yes.txt) you can add the Administrators Group and the User (whose logon name must be the same as the folder name) to the Access Control List (ACL) on the folder. This method only uses CACLS; no resource kit utilities are needed.

NOTE: This article assumes you have a USERS share with individual directories in it.

Either re-type or Copy and Paste the following information into a file called Addperm.cmd in the root directory of the drive that has the USERS directory.

ADDPERM.CMD


REM You can delete/REM the following line for troubleshooting.
@echo off
IF (%1)==() GOTO NoArgs
Echo Creating directory listing...
dir %1 > dir.txt
for /F "skip=7  delims=  tokens=4" %%a in (dir.txt) do call addperm2.cmd %1
%%a
echo ---------
echo - Finished.
echo ---------
GOTO End
:NoArgs
ECHO usage: ADDPERM <Drive:\Directory of Users Parent Folder>
ECHO.
:End
del dir.txt 
Either re-type or Copy and Paste the following information into a file called ADDPERM2.CMD in the root directory of the drive that has the USERS directory.

ADDPERM2.CMD


if %2==bytes GOTO :End
cacls %1\%2 /T /G Administrators:F %2:F < \yes.txt
:End 

YES.TXT

The third file is a little more difficult.

Open a Command Prompt (Cmd.exe) and change directories to the root directory of the drive you have saved the other two files to.

Type the following:

COPY CON YES.TXT <press the enter key>
y<press the enter key>
<Press Control-Z to exit and save the file>


This will create a text file with the Y and ENTER needed to automate the CACLS command.

To use the batch files type: addperm c:\USERS


MORE INFORMATION

These batch files can easily be altered to add different permissions to the directories. The /T switch instructs CACLS to change the permissions on all subfolders if the users folder has them.

If a user account does not match the name of the directory you will receive the error:

No mapping between account names and security IDs was done.

Additional query words: processing process automate


Keywords          : ntdomain kbhowto 
Version           : WinNT:3.51,4.0
Platform          : winnt 
Issue type        : kbinfo 

Last Reviewed: April 21, 1999