Based on the idea I elaborated in my previous post:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
REM Run this in a folder full of roaming profiles (of format username.v2) REM This script will process each folder and if the context under which it is running is unable to view ACLs of the folder, it will add the BUILTIN\Administrators group to the ACL @ECHO OFF setlocal EnableDelayedExpansion FOR /d %%D in ("*.v2") DO ( echo Processing %%D REM FOR /F "delims=." %%U in ('echo %%D') DO echo User is %%U icacls %%D /Q 1> nul 2> nul IF !errorlevel! EQU 5 ( echo Will fix %%D echo Taking ownership of %%D REM takeown /A /F %%D echo Granting Administrators full control to %%D REM icacls %%D /grant BUILTIN\Administrators:F /T 1> nul 2> nul echo Taking ownership of all sub-folders of %%D REM takeown /A /F %%D\* /R /D Y echo Enabling inheritance on sub-folders of %%D REM icacls %%D\* /inheritance:e /T 1> nul 2> nul ) ) |
Latest version can be found on GitHub.
I will explain the Batch file in detail later.