Scripted directory permission configuration

I know the Windows Server forum is ---> somewhere...
though I figured I'd throw this thread under Win7 'cause it still applies.


I have 100+ users, all with AD accounts.
I would like to create a script, or at least find a dynamic way to create user-directories in a shared resource to the following (beyond 'home folders'):
(ex: path - permissions)
\<username> - <group>=read/execute, owner=full
\<username>\Public - <group>=read/write/exectue, owner=full
\<username>\Dropbox - <group>=write only (drop-box), owner=full

The idea is such that the users' root directory would contain content intended to be shared by the owner, and without potential to become filled with unintentional content
Pub is for shared / collaborated content, extra stuff, subjected to extra 'junk'...
The Dropbox would be left for providing a protected space to only the owner, with expectation of privacy.

I can manually grind out this configuration one user at a time, however I would like to know if anyone knows of any AD tools that might be out there to do this...
If anyone knows of DOS /command-switches that would allow creating, and modifying directory-structure security permissions to which I could use %'s and auto-input from a text-list of user-names...

Thanks in advance
2 answers Last reply
More about scripted directory permission configuration
  1. Look at the "cacls" command.
  2. Awesome, I don't know how I didn't know about it...


    cacls \<username> /g <domain>\<username>:f

    I believe I could automate nightly (or even hourly) which would poll my AD group to generate a list of names into a txt file, then write a batch to import those names to create new entries, omitting any existing directories, and to disable any non-existant names to preserve integrity against moved / unauthorized objects (accounts).

    Gonna give it a try.... Thanks!
Ask a new question

Read More

Security Windows Server Configuration Windows 7