modifying NTFS permissions

G

Guest

Hi all

I have a windows 2003 server that is part of a NT domain. On this server are
users home fodler. There is a share on the server called "home" The share
permissions on this folder is domain users read access and the NTFS
permissions has the domain users group with the read and lsit folder contents
permissions. What i need to do is modify all the sub folders of the users
directory so that only the domain admins and the user account that matches
the folder name are listed in the NTFS permissions. All home folders match
the users NT account. Is there a tool that i can use that will allow me to
modify each sub direcotry so that only the domain admins and the user account
have full access. I tried using but the script did not run.
http://support.microsoft.com/Default.aspx?kbid=180464

Thanks

Skip
 
J

Jerold Schulman

Hi all

I have a windows 2003 server that is part of a NT domain. On this server are
users home fodler. There is a share on the server called "home" The share
permissions on this folder is domain users read access and the NTFS
permissions has the domain users group with the read and lsit folder contents
permissions. What i need to do is modify all the sub folders of the users
directory so that only the domain admins and the user account that matches
the folder name are listed in the NTFS permissions. All home folders match
the users NT account. Is there a tool that i can use that will allow me to
modify each sub direcotry so that only the domain admins and the user account
have full access. I tried using but the script did not run.
http://support.microsoft.com/Default.aspx?kbid=180464

Thanks

Skip
Click to expand...
Set the share permissions to "Authenticated Users" Full Control.

Set the NTFS permission on for the "home" folder to Administrator and Creator Owner Full Control.
Propogate to all sub-folders.

Set each user as the owner of their own folder.
Use subInACL from tip 8530 in the 'Tips & Tricks' at http://www.jsiinc.com
Assume the local path to 'home" is c:\home

@echo off
setlocal
for /f "Tokens=*" %%a in ('dir c:\home /b /s /AD') do (
set folder=%%a
call :setowner
)
endlocal
goto :EOF
:setowner
for /f "Tokens=3 Delims=\" %%b in ('@echo %folder%') do (
subinacl /subdirectories "%folder%\*.*" /setowner="DomainName\%%b"
)



Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Shared Folder permissions 2
NTFS vs Shared Permissions 2
changing permisions from a client station on a network server share 1
folder permissions and directory listing 1
NTFS Permissions - Sub-Folders 4
Random files losing NTFS Permissions 2
Cannot add Domain local groups to NTFS permission lists 0
shared folders best practices** 1

Top