Differences

This shows you the differences between two versions of the page.

--- networking:windows:active_directory:folder_creation [2017/09/07 16:54]
gcooper
+++ — (current)
@@ Line 1: / Line 1: @@
-====== Standardized Active Directory User Folders ======
-This is a batch file that quickly creates our standard set of folders for use with:
-  * **File Shares**
-  * **[[networking:windows:active_directory:folder_redirection|Redirected Folders]]**
-  * **[[networking:windows:active_directory:roaming_profiles|Roaming Profiles]]**
-  * **[[networking:windows:active_directory:home_directories|User Home Directories]]**
-===== folders.bat =====
-<note important>Edit the batch file to specify the drive letter where the folders are to be created (defaults to E:).</note>
-<file>
-@echo off
-rem WARNING!
-rem This script is intended to be used on a new (data) drive and manhandles permissions on the entire drive!
-rem
-rem Edit the next line to place the folders on your choice of disk drive.
-set drive=E:
-net share Homes$ /d /y
-net share Profiles$ /d /y
-net share Redirected$ /d /y
-takeown /F %drive% /R /D Y
-rmdir /q /s %drive%\$RECYCLE.BIN
-mkdir %drive%\Shares
-mkdir %drive%\Homes
-mkdir %drive%\Profiles
-mkdir %drive%\Redirected
-icacls %drive%\Shares /reset /T
-icacls %drive%\Homes /reset /T
-icacls %drive%\Profiles /reset /T
-icacls %drive%\Redirected /reset /T
-icacls %drive%\Shares /inheritance:r
-icacls %drive%\Homes /inheritance:r
-icacls %drive%\Profiles /inheritance:r
-icacls %drive%\Redirected /inheritance:r
-icacls %drive%\Homes /grant:r "ADMINISTRATORS":(OI)(CI)F /grant:r "SYSTEM":(OI)(CI)F /grant:r "CREATOR OWNER":(OI)(CI)(NP)(IO)F /grant:r "AUTHENTICATED USERS":(X,RD,RA,RC,REA)
-net share Homes$=%drive%\Homes /grant:"ADMINISTRATORS",FULL /grant:"SYSTEM",FULL /grant:"Authenticated Users",FULL
-icacls %drive%\Profiles /grant:r "ADMINISTRATORS":(OI)(CI)F /grant:r "SYSTEM":(OI)(CI)F /grant:r "CREATOR OWNER":(OI)(CI)(NP)(IO)F /grant:r "EVERYONE":F
-net share Profiles$=%drive%\Profiles /GRANT:"EVERYONE",FULL
-icacls %drive%\Redirected /grant:r "ADMINISTRATORS":(OI)(CI)F /grant:r "SYSTEM":(OI)(CI)F /grant:r "CREATOR OWNER":(OI)(CI)(NP)(IO)F /grant:r "EVERYONE":F
-net share Redirected$=%drive%\Redirected /GRANT:"EVERYONE",FULL
-dir %drive%
-net share
-icacls %drive%\*.*
-set drive=
-set domain=
-echo "Folder structure has been created, permissions set and shares have been shared."
-rem exit
-</file>
-===== Reference =====
-This command would add Full Access to the "Domain Admins" group to the "root folder" and every folder within:
-<file>
-icacls "<root folder>" /grant "Domain Admins":F /t
-</file>
-If you add ":r" after Grant then the permissions would be replaced instead of being added.
-<file>
-icacls "<root folder>" /grant:r "Domain Admins":F /t
-</file>
-The basic permissions are:
-  * Full Control (F)
-  * Modify (M)
-  * Read & Execute (RX)
-  * List Folder Contents (X,RD,RA,REA,RC)
-  * Read (R)
-  * Write (W)
-Advanced permissions are:
-  * Full Control (F)
-  * Traverse folder / execute file (X)
-  * List folder / read data (RD)
-  * Read attributes (RA)
-  * Read extended attributes (REA)
-  * Create file / write data (WD)
-  * Create folders / append data (AD)
-  * Write attributes (WA)
-  * Write extended attributes (WEA)
-  * Delete subfolders and files (DC)
-  * Delete (D)
-  * Read permissions (RC)
-  * Change permissions (WDAC)
-  * Take ownership (WO)
-You can also specify the inheritance for the folders:
-  * This folder only
-  * This folder, subfolders and files (OI)(CI)
-  * This folder and subfolders (CI)
-  * This folder and files (OI)
-  * Subfolders and files only (OI)(CI)(NP)(IO)
-  * Subfolders only (CI)(IO)
-  * Files only (OI)(IO)

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools