Saturday, December 1, 2007

File Permissions and Attributes

I am sure that there are some of you out there that already know about this, but I find it is important enough to mention for those of you that don't know. I ran into a rather peculiar situation the other day. I needed to change the folder attributes on a remote computer and also needed to grant some Domain NTFS rights to another folder on a remote computer. After doing some digging into my old tech notes, I ran across a couple of built-in utilities that reside on just about every Windows XP computer. I decided to test my options by using Altiris Deployment Server and a couple of different jobs to make the two changes mentioned above.

You can use the ATTRIB command to change the attributes of a file or folder. You can use the CACLS command to change the NTFS permissions on a file or folder.

I created a deployment server job that contained a run script command something like this --> attrib +R %systemdrive%\myfolder\myfile.txt <-- to change the file to 'Read-Only'. I then created a second job that contained a run script task something like this --> cacls %systemdrive%\myfolder /E /G %Domain Users%:C <-- to grant the domain users group 'modify' permissions to this folder.

I work in an environment where the end users have their computers locked down and do not have rights to do anything on their computers. However, there are some situations where the software they are using requires them to have rights to modify a file in a directory other than their 'My Documents' folder. Hence the reason for creating a folder on the root of the drive and granting them those rights to that folder only. Software that requires that access level is installed in that directory to allow things to work as planned.

I hope this has not confused things too much, and I hope you find it as useful as I did, especially when it comes to changing things on hundreds of systems in a very short timeframe.
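The two run-script tasks described above, combined into one batch script with a check of the result. This is an added example, not the author's original job script. MYDOMAIN, myfolder and myfile.txt are placeholder names. It grants the cacls C (Change) right, which is what Explorer shows as Modify; W would grant write access only.

```batch
@echo off
rem Added example. MYDOMAIN, myfolder and myfile.txt are placeholders.
setlocal
set "TARGET=%SystemDrive%\myfolder"
set "FILE=%TARGET%\myfile.txt"
set "DOMAIN=MYDOMAIN"
set "GROUP=Domain Users"

if not exist "%FILE%" (
    echo ERROR: "%FILE%" not found
    exit /b 1
)

rem /E edits the existing ACL. Without /E, cacls replaces the whole ACL
rem and asks for a Y/N confirmation, which stalls an unattended job.
rem /G rights: R=Read, W=Write, C=Change, F=Full control.
cacls "%TARGET%" /E /G "%DOMAIN%\%GROUP%":C

rem The switch is +R with no space between the sign and the letter.
attrib +R "%FILE%"

rem Write the resulting ACL into the job log for review.
cacls "%TARGET%"

rem Check 1: the group now appears in the folder ACL listing.
cacls "%TARGET%" | findstr /I /L /C:"%GROUP%:" >nul
if errorlevel 1 (
    echo ERROR: "%GROUP%" is not in the ACL of "%TARGET%"
    exit /b 2
)

rem Check 2: the ~a modifier expands to the attribute string of the file
rem (for example -ra------); the second character is r when read-only.
for %%F in ("%FILE%") do set "ATTRS=%%~aF"
if /I not "%ATTRS:~1,1%"=="r" (
    echo ERROR: "%FILE%" is not read-only
    exit /b 3
)

echo OK: ACL and read-only attribute applied
exit /b 0
```

The non-zero exit codes let the deployment job report a failed machine instead of assuming the change went through.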
