Need help with Folder permissions in server 2008 r2

I have a windows domain and am using roaming profiles for our students.

Student profile server is a 2008 r2 box.  I have a folder created on the root d drive called profiles and the permissions are set as follows:

inheritance is off
tech - full control (anyone in the tech department)
teachers- full control (all teachers have access to all student files)
system - full control
domain user - special permissions (this was set by windows not me)


inside that folder I have 2 more folders.  one called data and one called roam.  Each of these folders have the inheritance turned on and the show the same permissions as the parent folder.  Inside the data folder is where each student has a folder (named by ID) that has their my documents folder, desktop folder etc.  the roam folder also contains student folders (named by id) that contains the appDat folder and ntuser.dat files etc. (anything that gets copied to the local machine at login)

The folders that are created inside these folders are supposed to get all permissions from the parent folder as well as give the individual student modify permission on their folder and its contents.  

I have recently renamed the roam folder and created a new roam folder as described above.  student folders start to be created inside however some of them have the correct permission settings, some only list the student and administrator (inheritance is off) and some are created where I have no access to the folder at all until I take ownership of the folder, after which the administrator is the only user with any permissions to the folder and contents.

I have 6000 student accounts.  Is there a way to write a vb script that would change the permissions on these folders all at once instead of changing each one individually.

What I would need is to have the administrator take ownership of all files and folders, then change inheritance properties on all files and folders, add the student to their folder with modify permission and then change owner of each folder and contents back to the ID of the folder name.

Any help would be GREATLY appreciated!  Ultimately I would love if the folders were just created correctly and I didn't need to do anything.  It worked great in windows XP but since we moved to windows 7 it has been a nightmare!  I had a case open with Microsoft and they could not get the folders to create with the correct permissions and the case was closed after 2 weeks or trying different things.  The script idea is mine but I do not know where to begin to create it.

 

Question Info


Last updated March 16, 2018 Views 634 Applies to:
Answer
Answer
I have a windows domain and am using roaming profiles for our students.

Student profile server is a 2008 r2 box.  I have a folder created on the root d drive called profiles and the permissions are set as follows:

inheritance is off
tech - full control (anyone in the tech department)
teachers- full control (all teachers have access to all student files)
system - full control
domain user - special permissions (this was set by windows not me)


inside that folder I have 2 more folders.  one called data and one called roam.  Each of these folders have the inheritance turned on and the show the same permissions as the parent folder.  Inside the data folder is where each student has a folder (named by ID) that has their my documents folder, desktop folder etc.  the roam folder also contains student folders (named by id) that contains the appDat folder and ntuser.dat files etc. (anything that gets copied to the local machine at login)

The folders that are created inside these folders are supposed to get all permissions from the parent folder as well as give the individual student modify permission on their folder and its contents.  

I have recently renamed the roam folder and created a new roam folder as described above.  student folders start to be created inside however some of them have the correct permission settings, some only list the student and administrator (inheritance is off) and some are created where I have no access to the folder at all until I take ownership of the folder, after which the administrator is the only user with any permissions to the folder and contents.

I have 6000 student accounts.  Is there a way to write a vb script that would change the permissions on these folders all at once instead of changing each one individually.

What I would need is to have the administrator take ownership of all files and folders, then change inheritance properties on all files and folders, add the student to their folder with modify permission and then change owner of each folder and contents back to the ID of the folder name.

Any help would be GREATLY appreciated!  Ultimately I would love if the folders were just created correctly and I didn't need to do anything.  It worked great in windows XP but since we moved to windows 7 it has been a nightmare!  I had a case open with Microsoft and they could not get the folders to create with the correct permissions and the case was closed after 2 weeks or trying different things.  The script idea is mine but I do not know where to begin to create it.

Wrong forum.  Technet.
 
And yes - lots of ways to do what you want.  VBScript would work.  Powershell.  Probably even a batch script could do it.
.-
Shenan Stanley
MVP 2005-2011 & 2013-2015
Insider MVP 2016-
.-

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.