Re: Script to set share permissions on home directories

"Greenmynci" <> wrote in message
news:...
>
> I have a directory with ~1600 home folders in it that have incorrect
> share permissions - currently set to :
>
> Administrators - full control
> Everyone - Read
>
> whereas i need them all to be
>
> Administrators - full control
> Everyone - Change / Read
>
> NTFS permissions are fine, its just the share permissions that need
> changing. Does anyone know of a script or method to set these
> permission en masse ?

I might have something at work and will look it up tomorrow. In the
meantime, are the share names identical to the foldernames? If so, whatever
command (probably NET SHARE) will be used will be able to deduce the
sharename from the folder name as in:

for /d %%F in (\\server\users$\*) do (
NET SHARE %n$ etc...

Alternately, if all of your client O/S's are NT-based, you could modify the
home folder attribute from something like:

\\server\username$

to:

\\server\users$\username

Once that is done, you could delete the shares.


/Al

"Greenmynci" <> wrote in message
news:...
>
> The folders are named after user id's ie
>
> 10445634
> 16482826
> 18457358
> etc.
>
> the respective shares are
>
> 10445634$
> 16482826$
> 18457358$
>
> I can't change the parent folder structure (D:\users\<homefolder>) ,as
> the home folders are created using a import script which relies on a
> fixed path and is out of my control.
>
> Thanks for your help with this.

Sorry, but I could not find what I said I might have at work regarding
setting permissions on shares. I might have been thinking of folders when I
said that.

That said, if your import script creates the folders, and presumably shares
them and applies the permissions, does it also set the user's account to
reference that share?

Regardless, if you can modify the home folder attribute of the user accounts
from \\server\usernameshare$ to give a UNC path to the folder, then the
permissions on the share will have no effect.

For example, my home folder is contained in folder "E:\Users\", which is
shared as \\servername\users$. My home folder was originally shared out
separatley as something like \\servername\Al$, which is the value that was
originally used for my home folder attribute.

Without changing anything on the fileserver, I was able to change the home
folder attribute from \\servername\Al$ to \\servername\Users$\Al. Of course,
we did this, not just for me, but for all users. We then deleted all the
individual shares as they were no longer required.

The benefits:

- fewer shares need to be defined on the server;
- we do not need to remember to modify the share as required when a home
folder is delete, renamed, or relocated;
- we never have orphaned shares to delete.

the only problem I am aware of:

- not well supported on w98 clients.


/Al

Al Dunbar <> wrote:
> "Greenmynci" <> wrote in message
> news:...
>>
>> The folders are named after user id's ie
>>
>> 10445634
>> 16482826
>> 18457358
>> etc.
>>
>> the respective shares are
>>
>> 10445634$
>> 16482826$
>> 18457358$
>>
>> I can't change the parent folder structure (D:\users\<homefolder>)
>> ,as the home folders are created using a import script which relies
>> on a fixed path and is out of my control.
>>
>> Thanks for your help with this.
>
> Sorry, but I could not find what I said I might have at work regarding
> setting permissions on shares. I might have been thinking of folders
> when I said that.
>
> That said, if your import script creates the folders, and presumably
> shares them and applies the permissions, does it also set the user's
> account to reference that share?
>
> Regardless, if you can modify the home folder attribute of the user
> accounts from \\server\usernameshare$ to give a UNC path to the
> folder, then the permissions on the share will have no effect.
>
> For example, my home folder is contained in folder "E:\Users\", which
> is shared as \\servername\users$. My home folder was originally
> shared out separatley as something like \\servername\Al$, which is
> the value that was originally used for my home folder attribute.
>
> Without changing anything on the fileserver, I was able to change the
> home folder attribute from \\servername\Al$ to
> \\servername\Users$\Al. Of course, we did this, not just for me, but
> for all users. We then deleted all the individual shares as they were
> no longer required.
> The benefits:
>
> - fewer shares need to be defined on the server;
> - we do not need to remember to modify the share as required when a
> home folder is delete, renamed, or relocated;
> - we never have orphaned shares to delete.
>
> the only problem I am aware of:
>
> - not well supported on w98 clients.
>
>
> /Al

Hear, hear. I don't even use home directories anymore (folder redirection
via group policy works a lot more easily). But even so, no individual user
shares. They are an absolute nightmare to manage.