How To Automate Folder Permissions

Article translations Article translations
Article ID: 180464 - View products that this article applies to.
This article was previously published under Q180464
Expand all | Collapse all

On This Page


It is sometimes necessary to assign permissions to a folder so that a particular User and the Administrators group can administer it, as in the case of Users Home Directories.


Using the following three files (Addperm.cmd, Addperm2.cmd, and Yes.txt) you can add the Administrators Group and the User (whose logon name must be the same as the folder name) to the Access Control List (ACL) on the folder. This method only uses CACLS; no resource kit tools are needed.

NOTE: This article assumes you have a USERS share that contains individual directories. Either retype or copy and paste the following information into a file called Addperm.cmd in the root directory of the drive that has the USERS directory.


A simplified Addperm.cmd using a different dir command

REM You can delete/REM the following line for troubleshooting.
@echo off
IF (%1)==() GOTO NoArgs
Echo Creating directory listing...
dir %1 /A:D /B > dir.txt
for /F "delims= tokens=1" %%a in (dir.txt) do call addperm2.cmd %1 %%a
echo ---------
echo - Finished.
echo ---------
ECHO usage: ADDPERM <Drive:\Directory of Users Parent Folder>
del dir.txt


Addperm2.cmd with examples added
if %2==bytes GOTO :End
REM Prefix %2 with the domainname\ if applying permissions to workstations or 
REM member server and place Quotes if groups contain a space.
cacls %1\%2 /T /G Administrators:F MUG2000\%2:C "MUG2000\Domain Admins":F <\yes.txt


The third file is a little more difficult.

Open a command prompt (Cmd.exe) and change directories to the root directory of the drive to which you have saved the other two files.

Type the following:
COPY CON YES.TXT <press the enter key>
y<press the enter key>
<Press Control-Z to exit and save the file>
This creates a text file with the Y and ENTER needed to automate the CACLS command.

To use the batch files type the following command:
addperm c:\users
These batch files can easily be altered to add different permissions to the directories. The /t switch instructs CACLS to change the permissions on all subfolders if the users folder has them.

If a user account does not match the name of the directory, you receive the error message:
No mapping between account names and security IDs was done.


Article ID: 180464 - Last Review: February 27, 2007 - Revision: 2.2
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
kbhowto kbinfo KB180464

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from