| Home | Register | Members | Search | Windows Vista Tips | File Database | Links |
 |
| Thread Tools | Display Modes |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
On Fri, 30 Apr 2010 07:27:01 -0700, !ngeniuos <> wrote: >OS Win server2003 R2 > >We have a file server with Folders\Subfolder1\subfolder2 >I need to lock down these folder structures as : >1 - Only Administrators can create , move or delete "Folders" , >"Subfolder1" and "Subfolder2" >2 - Non admin members may not delete or move "Folders" , "Subfolder1" and >"Subfolder2" , bur they do have read permisions. >3 - Users can only create folders and files in "Subfolder2" The script below may get you started. It works when run on W2008 but does depend upon icacls (which is also in W2003) and run via a UNC path. It also references a security group "AllStaff" so you will need to modify it. >4 - Uses may edit files but not delete files in "Subfolder2" This cannot be done as programs such as Word deletes files as part of the edit process. If you deny delete permission then Word/Excel etc will fail. > >Is this possible ? If so how? >In NT4 this was a option box in the security settings at folder level - -----Start script--------- @ECHO OFF ECHO. ECHO. IF /I "%CD%" == "%windir%" GOTO NOMAP SET MyDir=%1 IF /I "%MyDir%" == "/?" GOTO Help IF /I "%MyDir%" == "" SET /P MyDir=Directory to set permissions for = IF /I "%MyDir%" == "" GOTO Help If EXIST "%MyDir%" GOTO RESETS ECHO Creating Folder "%MyDir%" MD "%MyDir%" GOTO SETPERM :RESETS ECHO Folder "%MyDir%" already exists/ :SETPERM ECHO. ECHO Setting permissions and sub-folders in folder "%MyDir%" ECHO. REM Department level permission can be inherited as these will be correct REM Create the sub folder structure (or just reset the permissions) SETLOCAL CD "%MyDir%" SET SubFold="SharedWork" If EXIST %SubFold% GOTO SETP1 MD %SubFold% :SETP1 Rem These permissions allow all users including Students to have modify access \\ad\storage\util\icacls %SubFold% /grant:r BUILTIN\Users  OI)(CI)(IO)(M)BUILTIN\Users OI)(CI)(W)SET SubFold="StaffOnly" If EXIST %SubFold% GOTO SETP2 MD %SubFold% :SETP2 Rem These permissions allow all Staff to have modify access and Student no access cscript //NoLogo \\ad\storage\util\xcacls.vbs staffonly /I COPY /Q \\ad\storage\util\icacls %SubFold% /grant:r AD\AllStaff OI)(CI)(IO)(M)AD\AllStaff OI)(CI)(RX,W) /remove BUILTIN\UsersSET SubFold="StudentResources" If EXIST %SubFold% GOTO SETP3 MD %SubFold% :SETP3 Rem These permissions allow all Staff to have modify access and Students to have read only access \\ad\storage\util\icacls %SubFold% /grant:r AD\AllStaff OI)(CI)(IO)(M)AD\AllStaff OI)(CI)(W)ECHO. ECHO. ECHO Folder setup completed. You must now setup quotas and usage reporting in FSRM pause GOTO :EOF :HELP ECHO. ECHO Argument 1 can be the name of the folder you wish to set up. ECHO If omited it is prompted for. ECHO e.g. SetFolderPerms "My Folder" ECHO. ECHO. pause GOTO :EOF :NOMAP ECHO. ECHO Error You must run this command from a mapped drive not a UNC path pause ------------End script---------- -- Dave Mills There are 10 types of people, those that understand binary and those that don't. |
|
|
|
|
|||
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Copying Shared folders and retaining share and file permissions | Bry M | Server Networking | 7 | 03-24-2010 01:12 PM |
| Move \Users folder once for all | Peter Meinl | Windows Vista Installation | 25 | 03-03-2010 01:37 AM |
| Error number 80073712 | naraku4656 | Windows Update | 51 | 02-18-2010 11:36 PM |
| Leftover folders after Microsoft Update | mme000 \(add @yahoo.it to my nick\) | Windows Update | 21 | 12-26-2009 10:11 PM |
| HELP sfc /scannow | William Beard | Windows Vista Performance | 17 | 05-11-2007 03:28 AM |
Linear Mode
