Too many permisions

[lordhuh]

Hi guys,
I have a drive that has a good 2000+ directorys. these are our students (i work at a public school) home directories. the permisions on each folder are as such
foldername:
abbotak
permisions:
Administrators: FullControll
Backup Operators: FullControll
Domain Admins: FullControll
SYSTEM: FullControll
Staff: FullControll
then this is the important one
AbbotAK: Change (RWXD)

we want to remove X from the permision listed above. there are way to manny folders to even consider manually doing this. Is there any batch commands or vb script or windows script, or any programs to do this for me. thanks

Karl Pietri
lordhuh.pota.to

 

[MasterRacker]

You need to use CACLS. At a command prompt type "CACLS /?" for options. You have to run it per user so you need to generate a list of usernames into a text file then add the commands to generate a batch file for the operation.

The following is a batch file that will generate the list of IDs:
=========================================================

@echo off
rem -----------------------------------------------------------------------------------
rem UserList.BAT - Generate a list of all user IDs for a domain.
rem
rem   This file parses the output of the "net user" command into a single column list
rem   of all users for a domain, discarding the header and trailers.
rem -----------------------------------------------------------------------------------
echo Processing user list, Please wait....

set LISTFILE=UserList.txt

if exist %LISTFILE% del %LISTFILE%
goto PROCESS

:FINISH
echo Processing Complete.  Output is in the file [%LISTFILE%]
goto :EOF

:PROCESS
for /f "Skip=6 Tokens=1,2,3" %%i in ('net user /domain') do call :CHECKEND %%i %%j %%k
goto :EOF

:CHECKEND
if "%1"=="The" goto :FINISH

rem -- write output file
echo %1 >> %LISTFILE%
if "%2" NEQ "" echo %2 >> %LISTFILE%
if "%3" NEQ "" echo %3 >> %LISTFILE%
rem -----------------------------------------------------------------------------------

Experiment on a couple of IDs manually to get the CACLS switches you need then you could modify the last 3 lines of the batch file to include the CACLS commands to generate the batch file as a text file. Edit the file to remove IDs you don't want to process and rename it to a ".bat" file and you should be ready to go.
Jeff
masterracker@hotmail.com

If everything seems to be going well: you don't have enough information.......

 

[lordhuh]

sweet between this generating a text file of users and my vb skills i can generate the batch file easily
Karl Pietri
lordhuh.pota.to

 

[lordhuh]

NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO

cacls will not allow changing of execute permisions which is what i want to remvoe. we have a problem of students downloading stuff and installing it. they cant save to the HD so they save to there folder and run it. any other ideas out there?
Karl Pietri
lordhuh.pota.to

 

[Alt255]

You can use the Policy Editor to Restrict Run to certain apps for individual users. If you aren't familiar with poledit (it doesn't sound like you are), I wouldn't recommend experimenting with it on a live network. Try it on a stand-alone Win 98 machine first.

Be prepared to restore a backup copy of the registry. It's amazingly easy to lock yourself out of the desktop or prevent yourself from getting back into the Policy Editor if you don't know what you are doing.

Be very cautious here.

Alt255@Vorpalcom.Intranets.com
​

 

[lordhuh]

we have tryed this before and due to some reason (i wanst involved with it) it didnt work at all. Karl Pietri
lordhuh.pota.to