Here are a few examples using the SetAcl (http://setacl.sourceforge.net/) program to manage share and folder permissions.
ONE:
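:: Creates the data folders and sets their NTFS permissions with SetACL.
:: %1=Server Name; %2=Group Name
:: For example: setacl file.bat servername groupname

:: Stop before touching any ACL if an argument is missing: an empty %1 or %2
:: would produce malformed object paths and trustee names in the commands below.
if "%~2"=="" (
    echo Usage: %~nx0 servername groupname
    exit /b 1
)

:: Make Directories
:: NOTE(review): the folders are created on the local D: drive while the ACLs
:: are set through \\%1\data; presumably the script runs on %1 and "data" is
:: the share for D:\data - confirm.
mkdir D:\data\common
mkdir D:\data\mgmt
mkdir D:\data\sales
mkdir D:\data\users

:: Adds NTFS permissions for users group on the common directory.
setacl -on \\%1\data\common -ot file -actn ace -ace "n:domain\%2;p:change"

:: Removes NTFS permissions for users group from the Mgmt directory.
:: setprot with p_c protects the folder from inheritance and keeps a copy of
:: the inherited entries, so the revoke that follows has explicit entries to remove.
setacl -on \\%1\data\Mgmt -ot file -actn setprot -op "dacl:p_c;sacl:p_c"
setacl -on \\%1\data\Mgmt -ot file -actn ace -ace "n:domain\%2;m:revoke"
:: Adds NTFS permissions for Mgmt group on the MGMT directory.
setacl -on \\%1\data\Mgmt -ot file -actn ace -ace "n:domain\%2-MGMT;p:change"

:: Removes NTFS permissions for users group from the sales directory.
:: NOTE(review): the comment names the users group (%2), but the command revokes
:: %2-Sales, and unlike the Mgmt section no group is granted access afterwards.
:: Confirm the intended trustee; as written, any entries copied for %2 stay on
:: the sales folder.
setacl -on \\%1\data\sales -ot file -actn setprot -op "dacl:p_c;sacl:p_c"
setacl -on \\%1\data\sales -ot file -actn ace -ace "n:domain\%2-Sales;m:revoke"

:: Removes NTFS permissions for users group from the users directory.
:: No group is granted access here; only the other copied entries remain.
setacl -on \\%1\data\users -ot file -actn setprot -op "dacl:p_c;sacl:p_c"
setacl -on \\%1\data\users -ot file -actn ace -ace "n:domain\%2;m:revoke"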
TWO:
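@echo off
::
:: Sets share and NTFS permissions on a branch server with SetACL.
:: %1 = equals group name
:: The server name (%1-Srv) and the branch group (Domain\%1-Ent) are derived from %1.

:: Stop before touching any ACL if the argument is missing: an empty %1 would
:: turn every target below into \\-Srv\... and the branch group into Domain\-Ent.
if "%~1"=="" (
    echo Usage: %~nx0 groupname
    exit /b 1
)

:: Call CreateShare.vbs to share folders
:: The script is loaded from a network share and runs with the rights of whoever
:: runs this batch file, so write access to \\%1-Srv\nos should be limited to
:: administrators.
cscript \\%1-Srv\nos\createshare.vbs
:: =====================================
:: Sets up Apps Share
:: =====================================
:: setacl -on \\%1-Srv\Apps -ot file -actn setprot -op "dacl:p_c;sacl:p_c" -rec cont_obj
:: Removes "Everyone" from share
setacl -on \\%1-Srv\Apps -ot shr -actn ace -ace "n:everyone;m:revoke"
:: Adds "Domain Admins" Group to share with Full permissions; Read to Domain Users
setacl -on \\%1-Srv\Apps -ot shr -actn ace -ace "n:Domain\Domain Admins;p:Full" -ace "n:Domain\Domain Users;p:Read"
:: =====================================
:: Sets up Click&Find Share
:: =====================================
:: The share name contains "&", so the object name must stay quoted.
:: setacl -on "\\%1-Srv\Click&Find" -ot file -actn setprot -op "dacl:p_c;sacl:p_c" -rec cont_obj
:: Removes "Everyone" from share
setacl -on "\\%1-Srv\Click&Find" -ot shr -actn ace -ace "n:everyone;m:revoke"
:: Adds "Domain Admins" Group to share with Full permissions; Change to Domain Users
:: NOTE(review): this comment originally said Read for Domain Users, but the
:: command grants Change - confirm which is intended.
setacl -on "\\%1-Srv\Click&Find" -ot shr -actn ace -ace "n:Domain\Domain Admins;p:Full" -ace "n:Domain\Domain Users;p:Change"
:: =====================================
:: Sets up Data Share & NTFS
:: =====================================
:: Removes Inheritable Permissions flag
:: p_c protects each object from inheritance and keeps a copy of the inherited
:: entries; -rec cont_obj applies this to every folder and file below the share.
setacl -on \\%1-Srv\Data -ot file -actn setprot -op "dacl:p_c;sacl:p_c" -rec cont_obj
:: Removes "Everyone" from share
setacl -on \\%1-Srv\Data -ot shr -actn ace -ace "n:everyone;m:revoke"
:: Adds "Domain Admins" Group to share with Full permissions; Full to Branch Group
:: NOTE(review): this comment originally said Read for the branch group, but the
:: command grants Full at share level. The NTFS grant below is read_ex - confirm
:: the share-level value.
setacl -on \\%1-Srv\Data -ot shr -actn ace -ace "n:Domain\Domain Admins;p:Full" -ace "n:Domain\%1-Ent;p:Full"
:: Removes specified groups from NTFS permissions on this directory and all below
:: NOTE(review): -rec cont recurses into folders only. The setprot above used
:: -rec cont_obj, so files also carry copied entries, and a "users" entry copied
:: onto a file is not revoked here. Confirm whether -rec cont_obj was intended
:: (assuming D:\Data is the folder behind \\%1-Srv\Data).
setacl -on D:\Data -ot file -actn ace -ace "n:users;m:revoke" -rec cont
:: Add Branch group to folder's NTFS permissions with Read & Execute
:: NOTE(review): there is no -rec here and the children were protected from
:: inheritance above, so this grant may not reach existing subfolders and files.
:: Verify the effective permissions below D:\Data.
setacl -on D:\Data -ot file -actn ace -ace "n:Domain\%1-Ent;p:read_ex" -ace "n:Domain\Domain Admins;p:Full"
:: =====================================
:: Sets up Images Share
:: =====================================
:: Removes "Everyone" from share
:: setacl -on \\%1-Srv\Images -ot shr -actn ace -ace "n:everyone;m:revoke"
:: Adds "Domain Admins" Group to share with Full permissions; Read to Everyone Group
:: The revoke above is commented out and Everyone is granted Read at share level,
:: so the NTFS permissions on the folder are what limit read access.
setacl -on \\%1-Srv\Images -ot shr -actn ace -ace "n:Domain\Domain Admins;p:Full" -ace "n:Everyone;p:Read"
:: =====================================
:: Sets up WM Share
:: =====================================
:: setacl -on \\%1-Srv\WM -ot file -actn setprot -op "dacl:p_c;sacl:p_c" -rec cont_obj
:: Removes "Everyone" from share
setacl -on \\%1-Srv\WM -ot shr -actn ace -ace "n:everyone;m:revoke"
:: Adds "Domain Admins" Group to share with Full permissions; Change to Domain Users
setacl -on \\%1-Srv\WM -ot shr -actn ace -ace "n:Domain\Domain Admins;p:Full" -ace "n:Domain\Domain Users;p:Change"
:: "echo." prints a blank line; a bare "echo" would print the echo state instead.
echo.
echo ================
echo !!!!! Done !!!!!
echo ================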