Sign in with
Sign up | Sign in
Your question

modifying NTFS permissions

Last response: in Windows 2000/NT
Share
Anonymous
October 18, 2004 11:11:03 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

Hi all

I have a windows 2003 server that is part of a NT domain. On this server are
users home fodler. There is a share on the server called "home" The share
permissions on this folder is domain users read access and the NTFS
permissions has the domain users group with the read and lsit folder contents
permissions. What i need to do is modify all the sub folders of the users
directory so that only the domain admins and the user account that matches
the folder name are listed in the NTFS permissions. All home folders match
the users NT account. Is there a tool that i can use that will allow me to
modify each sub direcotry so that only the domain admins and the user account
have full access. I tried using but the script did not run.
http://support.microsoft.com/Default.aspx?kbid=180464

Thanks

Skip
Anonymous
October 19, 2004 11:47:02 AM

Archived from groups: microsoft.public.win2000.file_system (More info?)

On Mon, 18 Oct 2004 19:11:03 -0700, "Skipster" <Skipster@discussions.microsoft.com> wrote:

>Hi all
>
>I have a windows 2003 server that is part of a NT domain. On this server are
>users home fodler. There is a share on the server called "home" The share
>permissions on this folder is domain users read access and the NTFS
>permissions has the domain users group with the read and lsit folder contents
>permissions. What i need to do is modify all the sub folders of the users
>directory so that only the domain admins and the user account that matches
>the folder name are listed in the NTFS permissions. All home folders match
>the users NT account. Is there a tool that i can use that will allow me to
>modify each sub direcotry so that only the domain admins and the user account
>have full access. I tried using but the script did not run.
>http://support.microsoft.com/Default.aspx?kbid=180464
>
>Thanks
>
>Skip
>
Set the share permissions to "Authenticated Users" Full Control.

Set the NTFS permission on for the "home" folder to Administrator and Creator Owner Full Control.
Propogate to all sub-folders.

Set each user as the owner of their own folder.
Use subInACL from tip 8530 in the 'Tips & Tricks' at http://www.jsiinc.com
Assume the local path to 'home" is c:\home

@echo off
setlocal
for /f "Tokens=*" %%a in ('dir c:\home /b /s /AD') do (
set folder=%%a
call :setowner
)
endlocal
goto :EOF
:setowner
for /f "Tokens=3 Delims=\" %%b in ('@echo %folder%') do (
subinacl /subdirectories "%folder%\*.*" /setowner="DomainName\%%b"
)



Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
!