This article was previously published under Q180464
This article has been archived. It is offered "as is" and will no longer be updated.
It is sometimes necessary to assign permissions to a folder so that aparticular User and the Administrators group can administer it, as in thecase of Users Home Directories.
Using the following three files (Addperm.cmd, Addperm2.cmd, and Yes.txt) you can add the Administrators Group and the User (whose logon name must be the same as the folder name) to the Access Control List (ACL) on the folder. This method only uses CACLS; no resource kit tools are needed.
NOTE: This article assumes you have a USERS share that contains individual directories.Either retype or copy and paste the following information into a filecalled Addperm.cmd in the root directory of the drive that has the USERSdirectory.
A simplified Addperm.cmd using a different dir commandREM You can delete/REM the following line for troubleshooting.@echo offIF (%1)==() GOTO NoArgsEcho Creating directory listing...dir %1 /A:D /B > dir.txtfor /F "delims= tokens=1" %%a in (dir.txt) do call addperm2.cmd %1 %%aecho ---------echo - Finished.echo ---------GOTO End:NoArgsECHO usage: ADDPERM <Drive:\Directory of Users Parent Folder>ECHO.:Enddel dir.txt
Addperm2.cmd with examples addedif %2==bytes GOTO :EndREM Prefix %2 with the domainname\ if applying permissions to workstations or REM member server and place Quotes if groups contain a space.cacls %1\%2 /T /G Administrators:F MUG2000\%2:C "MUG2000\Domain Admins":F <\yes.txt:End
The third file is a little more difficult.
Open a command prompt (Cmd.exe) and change directories to the rootdirectory of the drive to which you have saved the other two files.
Type the following:
COPY CON YES.TXT <press the enter key> y<press the enter key> <Press Control-Z to exit and save the file>
This creates a text file with the Y and ENTER needed to automate theCACLS command.
To use the batch files type the following command:
These batch files can easily be altered to add different permissions to thedirectories. The /t switch instructs CACLS to change the permissions on all subfolders if the users folder has them.
If a user account does not match the name of the directory, you receivethe error message:
No mapping between account names and security IDs was done.
Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows 2000 Datacenter Server, Microsoft Windows NT Workstation 3.51, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Server 3.51, Microsoft Windows NT Server 4.0 Standard Edition