Re: Script to set user permissions





"NZSchoolTech" <nzschooltech@xxxxxxxxxxxx> wrote in message
news:eS8vKmqgJHA.5844@xxxxxxxxxxxxxxxxxxxxxxx
I've had to set up a new server after a disk crash. We had backups of all
of the home directories of our users, but we lost all of the ACLs because
these were not backed up in any form.

The situation is that I now have 250 home directories all named by a user,
and none of those users can access their own directory unless I set their
permissions on each one.

Since I don't want to have to do 250 permissions entries by hand, I need a
script that can do it for me. The following is what is relevant to the
script:

1. We can easily put all of the affected accounts into a special OU just
for this script, so that the script doesn't need to have any filtering in
it for what users it is working on.
2. The user's home directory is stored in their ADUC account as the Home
Folder, whereby we have configured for drive H to be connected to this
folder. It should therefore be possible to read this attribute to find the
path that the ACE needs to be set on.
3. The permissions need to be Modify, and need to be made inheritable, and
to propagate automatically to existing files.

I think that covers enough info to be able to put a script together. I
haven't done any scripting for years, although I'm an experienced
programmer, and have mislaid the original scripts I wrote way back when we
needed to create many of those user accounts automatically from a CSV
file.

Therefore any assistance this group can give in the form of a script
outline would be most appreciated.

If the name of the folder is identical to the sAMAccountName of the user
account, there is a simpler method. First, apply the standard admin
permissions to the folder containing the user home folders, and force this
to be replicated to all contained folders. Then run a batch script such as
this:

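rem The loop variable must match the one used in the body (%%F).
rem /e edits the existing ACL instead of replacing it, so the admin
rem permissions applied in the first step are kept.
for /d %%F in ("D:\users\*.*") do (
echo/cacls "%%~dpnxF" /e /g %%~nF:C /t
)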

If you are happy with the cacls commands displayed, change "echo/cacls" to
"cacls".

/Al
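
The approach outlined in the original question (read each account's Home Folder attribute, then grant an inheritable Modify ACE on that path), as an added PowerShell example that is not from either poster. It assumes the ActiveDirectory module and icacls.exe are available; the OU and share root are placeholders.

```powershell
# Added example, not from the thread. $SearchBase and $HomeRoot are placeholders.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase = 'OU=FixHomeDirs,DC=example,DC=local',  # placeholder OU
    [string]$HomeRoot   = '\\server\home'                        # placeholder share root
)

Import-Module ActiveDirectory
$root = $HomeRoot.TrimEnd('\') + '\'

Get-ADUser -SearchBase $SearchBase -Filter * -Properties HomeDirectory | ForEach-Object {
    $name = $_.SamAccountName
    $path = $_.HomeDirectory

    if ([string]::IsNullOrWhiteSpace($path)) {
        Write-Warning "${name}: no Home Folder set, skipped"
        return   # inside ForEach-Object this moves on to the next user
    }
    # Only touch folders under the expected root; a mistyped attribute must
    # not lead to Modify being granted on some unrelated path.
    $outside = -not $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
    if ($outside -or $path -match '(^|\\)\.\.(\\|$)') {
        Write-Warning "${name}: '$path' is outside $root, skipped"
        return
    }
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "${name}: '$path' does not exist, skipped"
        return
    }

    # *SID form avoids name lookups; (OI)(CI) makes the ACE inherit to files
    # and subfolders; M is Modify. /grant without :r adds to the existing ACL,
    # so administrator entries already on the folder are kept.
    $grant = '*{0}:(OI)(CI)M' -f $_.SID.Value
    if ($PSCmdlet.ShouldProcess($path, "grant Modify to $name")) {
        & icacls.exe $path /grant $grant | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "${name}: icacls returned $LASTEXITCODE for '$path'"
        }
    }
}
```

Run it with -WhatIf first to list the folders that would be changed without modifying any ACL, the same role the "echo/cacls" step plays in the batch version.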

