JSI Tip 9520. After insuring that Administrators have Full Control of newly redirected user folders, how do I 'fix' existing redirected folders?

NOTE: See tip 3471 » How can I insure that administrators have access to a user's redirected folder?

I have scripted GrantAdmin.bat to grant Administrators full control of existing redirected user folders.

Since by default, only the user and the built in System account have Full Control of the redirected folder, you must run GrantAdmin.bat in the System account context:

Freeware application opens a CMD prompt in the System account context.

How do I schedule a job to run under the SYSTEM context?

The syntax for using GrantAdmin.bat is:

GrantAdmin ParentFolderPath

Where ParentFolderPath is the path to the parent folder whose first level sub-folders are named  as a user's logon name, like Jerry.

NOTE: GrantAdmin.bat uses the Corrected version of SubInAcl.

In addition to granting Administrators Full Control, GrantAdmin.bat insure that the user is the owner of their redirected folder, sub-folders, and files.

GrantAdmin.bat contains:

@echo off
if \{%1\}==\{\} @echo Syntax: GrantAdmin ParentFolderPath&goto :EOF
if not exist %1 @echo Syntax: GrantAdmin %1 NOT found.&goto :EOF
set parent=%1#
set parent=%parent:"=%
set parent=%parent:\#=%
set parent=%parent:#=%
pushd "%parent%"
for /f "Tokens=*" %%a in ('dir /b /a "%parent%"') do ( 
 echo y| cacls "%parent%\%%a" /T /E /C /g Administrators:F
 echo y| cacls "%parent%\%%a" /T /E /C /g "%USERDOMAIN%\%%a":F
 subinacl /noverbose /nostatistic /subdirectories "%parent%\%%a" /setowner="%USERDOMAIN%\%%a"
 subinacl /noverbose /nostatistic /subdirectories "%parent%\%%a\*.*" /setowner="%USERDOMAIN%\%%a"

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.