modifying NTFS permissions

Archived from groups: microsoft.public.win2000.file_system (More info?)

Hi all

I have a windows 2003 server that is part of a NT domain. On this server are
users home fodler. There is a share on the server called "home" The share
permissions on this folder is domain users read access and the NTFS
permissions has the domain users group with the read and lsit folder contents
permissions. What i need to do is modify all the sub folders of the users
directory so that only the domain admins and the user account that matches
the folder name are listed in the NTFS permissions. All home folders match
the users NT account. Is there a tool that i can use that will allow me to
modify each sub direcotry so that only the domain admins and the user account
have full access. I tried using but the script did not run.
http://support.microsoft.com/Default.aspx?kbid=180464

Thanks

Skip
1 answer Last reply
More about modifying ntfs permissions
  1. Archived from groups: microsoft.public.win2000.file_system (More info?)

    On Mon, 18 Oct 2004 19:11:03 -0700, "Skipster" <Skipster@discussions.microsoft.com> wrote:

    >Hi all
    >
    >I have a windows 2003 server that is part of a NT domain. On this server are
    >users home fodler. There is a share on the server called "home" The share
    >permissions on this folder is domain users read access and the NTFS
    >permissions has the domain users group with the read and lsit folder contents
    >permissions. What i need to do is modify all the sub folders of the users
    >directory so that only the domain admins and the user account that matches
    >the folder name are listed in the NTFS permissions. All home folders match
    >the users NT account. Is there a tool that i can use that will allow me to
    >modify each sub direcotry so that only the domain admins and the user account
    >have full access. I tried using but the script did not run.
    >http://support.microsoft.com/Default.aspx?kbid=180464
    >
    >Thanks
    >
    >Skip
    >
    Set the share permissions to "Authenticated Users" Full Control.

    Set the NTFS permission on for the "home" folder to Administrator and Creator Owner Full Control.
    Propogate to all sub-folders.

    Set each user as the owner of their own folder.
    Use subInACL from tip 8530 in the 'Tips & Tricks' at http://www.jsiinc.com
    Assume the local path to 'home" is c:\home

    @echo off
    setlocal
    for /f "Tokens=*" %%a in ('dir c:\home /b /s /AD') do (
    set folder=%%a
    call :setowner
    )
    endlocal
    goto :EOF
    :setowner
    for /f "Tokens=3 Delims=\" %%b in ('@echo %folder%') do (
    subinacl /subdirectories "%folder%\*.*" /setowner="DomainName\%%b"
    )


    Jerold Schulman
    Windows: General MVP
    JSI, Inc.
    http://www.jsiinc.com
Ask a new question

Read More

Permissions Domain NTFS Windows Server 2003 Servers Windows