This is a batch file that quickly creates our standard set of folders for use with:

• File Shares
• Redirected Folders
• Roaming Profiles
• User Home Directories

@echo off
rem WARNING! 
rem This script is intended to be used on a new (data) drive and manhandles permissions on the entire drive!
rem
rem Edit the next line to place the folders on your choice of disk drive.
set drive=E:
net share Homes$ /d /y
net share Profiles$ /d /y
net share Redirected$ /d /y
takeown /F %drive% /R /D Y
rmdir /q /s %drive%\$RECYCLE.BIN
mkdir %drive%\Shares
mkdir %drive%\Homes
mkdir %drive%\Profiles
mkdir %drive%\Redirected
icacls %drive%\Shares /reset /T
icacls %drive%\Homes /reset /T
icacls %drive%\Profiles /reset /T
icacls %drive%\Redirected /reset /T
icacls %drive%\Shares /inheritance:r
icacls %drive%\Homes /inheritance:r
icacls %drive%\Profiles /inheritance:r
icacls %drive%\Redirected /inheritance:r

icacls %drive%\Homes /grant:r "ADMINISTRATORS":(OI)(CI)F /grant:r "SYSTEM":(OI)(CI)F /grant:r "CREATOR OWNER":(OI)(CI)(NP)(IO)F /grant:r "AUTHENTICATED USERS":(X,RD,RA,RC,REA)
net share Homes$=%drive%\Homes /grant:"ADMINISTRATORS",FULL /grant:"SYSTEM",FULL /grant:"Authenticated Users",FULL

icacls %drive%\Profiles /grant:r "ADMINISTRATORS":(OI)(CI)F /grant:r "SYSTEM":(OI)(CI)F /grant:r "CREATOR OWNER":(OI)(CI)(NP)(IO)F /grant:r "EVERYONE":F
net share Profiles$=%drive%\Profiles /GRANT:"EVERYONE",FULL

icacls %drive%\Redirected /grant:r "ADMINISTRATORS":(OI)(CI)F /grant:r "SYSTEM":(OI)(CI)F /grant:r "CREATOR OWNER":(OI)(CI)(NP)(IO)F /grant:r "EVERYONE":F
net share Redirected$=%drive%\Redirected /GRANT:"EVERYONE",FULL

dir %drive%
net share
icacls %drive%\*.*

set drive=
set domain=

echo "Folder structure has been created, permissions set and shares have been shared."

rem exit

This command would add Full Access to the “Domain Admins” group to the “root folder” and every folder within:

icacls "<root folder>" /grant "Domain Admins":F /t

If you add “:r” after Grant then the permissions would be replaced instead of being added.

icacls "<root folder>" /grant:r "Domain Admins":F /t

The basic permissions are:

• Full Control (F)
• Modify (M)
• Read & Execute (RX)
• List Folder Contents (X,RD,RA,REA,RC)
• Read (R)
• Write (W)

Advanced permissions are:

• Full Control (F)
• Traverse folder / execute file (X)
• List folder / read data (RD)
• Read attributes (RA)
• Read extended attributes (REA)
• Create file / write data (WD)
• Create folders / append data (AD)
• Write attributes (WA)
• Write extended attributes (WEA)
• Delete subfolders and files (DC)
• Delete (D)
• Read permissions (RC)
• Change permissions (WDAC)
• Take ownership (WO)

You can also specify the inheritance for the folders:

• This folder only
• This folder, subfolders and files (OI)(CI)
• This folder and subfolders (CI)
• This folder and files (OI)
• Subfolders and files only (OI)(CI)(NP)(IO)
• Subfolders only (CI)(IO)
• Files only (OI)(IO)