hello,
i got a folder called "profiles" and inside this folder are 100+ profile folders of users, each user has it's own folder.
when i want to access a profile folder of a user, i first have to take ownership off the folder and then i have to give the administrators group full permission.
after i have done this, i have to change the ownership back to the original owner.
beacaus there are over 100 folders it is a lot of work to do this manually
so can someone tell me how i can write a .bat script to automate this process
i have never made a .bat script before.
in my opinion it has to be some kind of loop that checks folder by folder inside the c:\profiles folder. change the owner to administrator, give the administrors full controll and then change the owner back to the original user.
if someone could help me or give me some tips i would appreciate it very much
thanks
ownership + permission script
Moderator: DosItHelp
Re: ownership + permission script
'
Take a look at the 'Cacls /?' command, that should do the trick
You may or may not need a separate confirmation file ( if you experience problems )
Take a look at the 'Cacls /?' command, that should do the trick
Code: Select all
cacls %%? /t /e /c /p "!Group!":F
Code: Select all
> "%%~!" (echo.j)
cacls %%? /t /e /c /p "!Group!":F < "%%~!"
-
tonysathre
- Posts: 14
- Joined: 20 Mar 2012 10:07
Re: ownership + permission script
Are you using Active Directory? You should store the profiles on a network share so this wouldn't wouldn't be an issue.
On Windows 7:
Tony
On Windows 7:
Code: Select all
@echo off
icacls c:\profiles\* /save ACLs /T
takeown /f /r /a /d y c:\profiles\*
do stuff...
icacls c:\profiles\ /restore ACLs
Tony
Re: ownership + permission script
hello
the folder c:\profiles is a shared network folder, however the problem is that i'm performing a migration of users/computers objects with the active directory migration tool. In order to migrate the roaming profiles, the administrator group needs to have full control.
i don't understand much about batch scripting, but what do you think of this:
@echo off
icacls c:\profiles\* /save ACLs /T
takeown /f /r /a /d y c:\profiles\*
cacls %%? /t /e /c /p "!administrators!":F
icacls c:\profiles\ /restore ACLs
if i can follow, you first save the permissions and ownership that are applied to the folders inside the profiles folder
after that you take ownership of all the folders inside the profiles folder
where you place the "do stuff" i placed the "cacls %%? /t /e /c /p "!administrators!":F" because i want to gave the administrators group full controll
after this you restore the permissions/ownership back to the state like in the beginning
if i am correct this allso deletes the administrators group who i have granted full control
because i only want that the owner will be changed back to the original owner, the permissions of the administrators group must stay.
thanks for the given replies
the folder c:\profiles is a shared network folder, however the problem is that i'm performing a migration of users/computers objects with the active directory migration tool. In order to migrate the roaming profiles, the administrator group needs to have full control.
i don't understand much about batch scripting, but what do you think of this:
@echo off
icacls c:\profiles\* /save ACLs /T
takeown /f /r /a /d y c:\profiles\*
cacls %%? /t /e /c /p "!administrators!":F
icacls c:\profiles\ /restore ACLs
if i can follow, you first save the permissions and ownership that are applied to the folders inside the profiles folder
after that you take ownership of all the folders inside the profiles folder
where you place the "do stuff" i placed the "cacls %%? /t /e /c /p "!administrators!":F" because i want to gave the administrators group full controll
after this you restore the permissions/ownership back to the state like in the beginning
if i am correct this allso deletes the administrators group who i have granted full control
because i only want that the owner will be changed back to the original owner, the permissions of the administrators group must stay.
thanks for the given replies
Re: ownership + permission script
hello,
i managed to try out some code, the only problem i have is saving the OWNER of a file, and when all changes are made restoring the OWNER
@echo off
**** i need to save the current user of the folder here******
takeown /F c:\profiles\* /A
icacls c:\profiles\* /grant administrators:(F)
*****i need to restore the users i saved above here********
i managed to try out some code, the only problem i have is saving the OWNER of a file, and when all changes are made restoring the OWNER
@echo off
**** i need to save the current user of the folder here******
takeown /F c:\profiles\* /A
icacls c:\profiles\* /grant administrators:(F)
*****i need to restore the users i saved above here********
Re: ownership + permission script
typo i meant owner instead of user