Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Utility to replace file permissions?

Status
Not open for further replies.

Chopsy

IS-IT--Management
May 29, 2002
111
AU
I am looking for a utility or script that I can run on my Win 2003 servers to globally replace any permissions granted to 'Everyone' with 'Authenticated Users'. Any ideas?

The reason I am looking for this is I have a large number of servers, and an audit has highlighted that there are a lot of areas on key servers where Everyone has been granted permissions. I have used the tool AccessChk to report on any files or folders where Everyone group has access, and it is returning hundreds of files/folders on each server. Manually resetting these would be incredibly time consuming. I've found tools that can remove or set permissions, but what I want to do is _replace_ permissions so that 'Authenticated Users' ends up with exactly the same rights that 'Everyone' had. I don't cause any other issues by removing any permissions or adding any unnecessary ones.
 
What about using the command line and LDAP queries, then on the report change as where needed?
 
You could just change the share permissions to authenticated users then only authenticated users will be able to access any data through a share.
 

AckeyG - I can report on where the changes are needed already, that's not the issue, the issue is trying to find a way to automate the changes. Unless I misundertand your answer, it doesn't help me with that.

porkchopexpress - The files are not on shares, they are generaly Windows system files etc.
 
CACLS is a utility included in W2K3 which can be scripted or if you prefer put in a batch file to replace the DACLs on pretty much anything you like.

Outside of that you might want to chat to a 'scripting kiddie', I'm sure there are plenty of VB scripts that can be modified to do what you want.

Basically a script that searches for a given parameter, 'Everyone' which once found runs a CACLS script against it, removing the everyone replaceing it with authenticated.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top