Script to set user permissions

Discussion in 'Scripting' started by NZSchoolTech, Jan 30, 2009.

  1. NZSchoolTech

    NZSchoolTech Guest

    I've had to set up a new server after a disk crash. We had backups of all of
    the home directories of our users, but we lost all of the ACLs because these
    were not backed up in any form.

    The situation is that I now have 250 home directories all named by a user,
    and none of those users can access their own directory unless I set their
    permissions on each one.

    Since I don't want to have to do 250 permissions entries by hand, I need a
    script that can do it for me. The following is what is relevant to the

    1. We can easily put all of the affected accounts into a special OU just for
    this script, so that the script doesn't need to have any filtering in it for
    what users it is working on.
    2. The user's home directory is stored in their ADUC account as the Home
    Folder, whereby we have configured for drive H to be connected to this
    folder. It should therefore be possible to read this attribute to find the
    path that the ACE needs to be set on.
    3. The permissions need to be Modify, and need to be made inheritable, and
    to propagate automatically to existing files.

    I think that covers enough info to be able to put a script together. I
    haven't done any scripting for years, although I'm an experienced
    programmer, and have mislaid the original scripts I wrote way back when we
    needed to create many of those user accounts automatically from a CSV file.

    Therefore any assistance this group can give in the form of a script outline
    would be most appreciated.


    NZSchoolTech, Jan 30, 2009
    1. Advertisements

  2. NZSchoolTech

    Al Dunbar Guest

    If the name of the folder is identical to the sAMAccountName of the user
    account, there is a simpler method. First, apply the standard admin
    permissions to the folder containing the user home folders, and force this
    to be replicated to all contained folders. Then run a batch script such as

    for /d %%D in ("D:\users\*.*") do (
    echo/cacls "%%~dpnxF" /g %%~nF:C /t

    if you are happy with the cacls commands displayed, change "echo/cacls" to

    Al Dunbar, Feb 4, 2009
    1. Advertisements

  3. Interesting. Can you give an example or quote an authoritative source for
    this claim?
    Pegasus \(MVP\), Feb 4, 2009
  4. NZSchoolTech

    Al Dunbar Guest

    That is why I suggested the first step of setting background admin
    permissions and replicating them from windows explorer - in the hope that
    this would configure subfolders to inherit all permissions.

    Al Dunbar, Feb 4, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.