Hi Rooky,
I guess a lot of System admins have already gone through this.
You might want to look at either the xcacls.exe or cacls.exe command.
Be careful what you do here:
I would set NTFS permissions for Everyone:READ and Domain Admins:FULL control at the parent folder through Windows explorer GUI.
Security tab. set the permissions here.
Click on Advanced: click on "Replace permissions entries on all child objects with entries shown here that apply to child objects"
Make sure you also tick on the box that reads "Allow inheritable permissions from the parent to propagate..."
In advance, you should identify which user must have access to which folder under the parent folder in case the child folders have not been named after the %username%.
You might want to do the following:
CMD - change working directory to the parent folder.
dir /ad /b
(watch it here, in case you have weird directory names or over-8-chars- directory names you migfht need to use the /x switch and redirect the output to a file to obtain only the folder names as you can't just use /x along with /ad or /b)
Then you may want to use a FOR loop along with either XCACLS or CACLS like this:
Use this in case the folder names have been named after the usernames:
for /f %a in (folderlist.txt) do xcacls %a /e /g DOMAIN\%a:C
Otherwise, you'll have to figure out a way to set NTFS permissions at each folder.
But I would still suggest using this:
xcacls ChrisGardner_FolderName /e /t /g DOMAIN\ChrisG_AccountName:C
xcacls SteveAtkinson_FolderName /e /t /g DOMAIN\SteveAtkinson_AccountName:C
Hope this will help.
Edgar.
