Powershell to the rescue – yet again. I think I could use get-acl to find all of the data that the group doesn’t have access to, since they probably already have access to at least 75% of it. Then I could probably pipe that to set-acl and go from there.
I’ll also look into icacls /t and setacl.exe, so thanks Webster and Aakash. Thanks to everyone for the answers. I should be able to get this done when I’m back in the office next week with the given info. *From:* [email protected] [mailto: [email protected]] *On Behalf Of *Jake Gardner *Sent:* Friday, August 01, 2014 3:46 PM *To:* '[email protected]' *Subject:* RE: [NTSysADM] Adding ACE to an Entire Directory Tree Powershell… Set-Acl http://technet.microsoft.com/en-us/library/hh849810.aspx Here’s a code snippet that shows powershell looping through folders: $path = "\\server\e$\drawings\_Dwgs_for_Release <file:///\\server\e$\drawings\_Dwgs_for_Release>" $ArcPath = "\\server\e$\drawings\_Dwgs_for_Release\Archive <file:///\\server\e$\drawings\_Dwgs_for_Release\Archive>" $PathDir = get-ChildItem $Path | where{$_.PSIsContainer} | where{$_.lastwritetime –lt (Get-date).AddDays(-90)} foreach ($item in $PathDir) { if ($item) {Move-item $path"\"$item $ArcPath} } You can add an extra test at each folder level to check for more child objects and keep digging down. An extra step but less code could be to dump “dir /b /ad /s” to a text file and have powershell read it in and grab each line as a path. Thanks, Jake Gardner IT Administrator 267-352-2020 Ext. 246 www.ttcdas.com *From:* [email protected] [ mailto:[email protected] <[email protected]>] *On Behalf Of *Charles F Sullivan *Sent:* Friday, August 01, 2014 3:00 PM *To:* [email protected] *Subject:* [NTSysADM] Adding ACE to an Entire Directory Tree I’ve been dealing with NTFS permissions for years, but surprisingly the need for this has rarely come up: I need to grant full control permission to a group and it needs to propagate all the way down a directory tree. This means that it needs to apply to folders which aren’t inheriting permissions, and of course it needs to be done without resetting the entire ACL on any of the data. The account I use will have full control of the data all the way down the tree, so at least that is not an obstacle. So far I haven’t found a way to do this without using something like Security Explorer. Does anyone know of the right tool or method to use for this? I’m not able to find any switches within the “_cacls” commands. It seems to me that there’s got to be a way to do this without buying a utility. Maybe it’s there in front of me and I’m just not getting it. Thanks for any help with this. ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. *******************************************************************
