How To: Set NTFS Permission Through a Script


Via de onderstaande regels kun je via een batchfile rechten toekennen aan een directory. In dit voorbeeld is dat C:Folder.

Regel 1. Voegt de groep Domain Admins toe en maakt deze owner van C:Folder. Ook verwijder deze regel alle overige permissions die al toegekend waren.

Regel2. voegt een groep toe moet Modify rechten.

Regel3. voegt een groep toe met Read en Execute rechten.

  1. cscript XCACLS.vbs “C:Folder” /g “domainDomain Admins“:F /F /T /O “Domain Admins”
  2. cscript XCACLS.vbs “C:Folder” /g domainDL_RES_Groupname_Modify:M /F /T /E
  3. cscript XCACLS.vbs “C:Folder” /g domainDL_RES_Groupname_read:X /F /T /E

De dikgedrukte parameters kun je terugvinden in het help bestand:

filename            [Required] If used alone, it Displays ACLs.
                    (Filename can be a filename, directory name or
                    wildcard characters and can include the entire
                    path. If path is missing, its assumed to be
                    under the current directory.
                    Notes:
                    – Put filename in quotes if it has spaces or
                    special characters such as &, $, #, etc.
                    – If Filename is a directory, all files and
                    sub directories under it will NOT be changed
                    unless the /F or /S is present.

/F                  [Used with Directory or Wildcard] This will change all
                    files under the inputed directory but will NOT
                    traverse sub directories unless /T is also present.
                    If filename is a directory, and /F is not used, no
                    files will be touched.

/S                  [Used with Directory or Wildcard] This will change all
                    sub folders under the inputed directory but will NOT
                    traverse sub directories unless /T is also present.
                    If filename is a directory, and /S is not used, no
                    sub directories will be touched.

/T                  [Used only with a Directory] Traverses each
                    subdirectory and makes the same changes.
                    This switch will traverse directories only if the
                    filename is a directory or is using wildcards.
/E                  Edit ACL instead of replacing it.

/O user             Change the Ownership to this user or group.

/L filename         Filename for Logging. This can include a path name
                    if the file isn’t under the current directory.
                    File will be appended to, or created if it doesn’t
                    exit. Must be Text file if it exists or error will occur.
                    If filename is obmitted the default name of XCACLS will
                    be used.

Meer info en de download vind je hier: KB825751

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s