J
joost.bouckenooghe
Hi all
I want to lock most of our users out of creating folders. Only
teamleaders/managers are allowed to create folders. This way we hope
to force people using a clear structure instead of creating duplicates
all over the network.
We use a batch file where $1 equals the security group in AD and the
name of the folder for that division.
\\SERVER\d$\xcacls "G:\%~1\Private" /G "DOMAIN\Administrators":F;F
"DOMAIN\%~1-FC":M;M "DOMAIN\%~1":BA987654321;BA9865421 /I REMOVE
Administrators: ICT
$1-FC: teamleaders/management (can create folders)
$1: users who can delete write read execute files but cannot create
folders at all.
I use the REMOVE switch because the folder is created earlier on in
the script as well, and it takes over the security of the root folder.
This works like a charm except one tiny thing:
For $1 security is only set to "this folder only".
Is there anyone who has an idea on how to force xcacls.vbs to apply
all these settings to all files, folders and subfolders?
I'd be grateful
I want to lock most of our users out of creating folders. Only
teamleaders/managers are allowed to create folders. This way we hope
to force people using a clear structure instead of creating duplicates
all over the network.
We use a batch file where $1 equals the security group in AD and the
name of the folder for that division.
\\SERVER\d$\xcacls "G:\%~1\Private" /G "DOMAIN\Administrators":F;F
"DOMAIN\%~1-FC":M;M "DOMAIN\%~1":BA987654321;BA9865421 /I REMOVE
Administrators: ICT
$1-FC: teamleaders/management (can create folders)
$1: users who can delete write read execute files but cannot create
folders at all.
I use the REMOVE switch because the folder is created earlier on in
the script as well, and it takes over the security of the root folder.
This works like a charm except one tiny thing:
For $1 security is only set to "this folder only".
Is there anyone who has an idea on how to force xcacls.vbs to apply
all these settings to all files, folders and subfolders?
I'd be grateful