List and add NTFS permissions on shared folders

Question

Due to new domain migration, I need to find a script listing all NTFS permissions of groups and add a new permissions of the new group for some folders (these folders either CIFs or NFS).

Some folders have different groups and different permissions. such as pc\admin groups, now i need to add TA\admin groups to the same folder without deleting or wipe out the old permissions and groups. I found a script but not listing any current permissions and groups:

Answer 1

You can use the icacls command to display or modify permissions on any given file or folder. For adding a missing group to a folder, something like this should work:

Set sh  = CreateObject("WScript.Shell")

fldr  = "C:\some\folder"
group = "TA\admin"

rc = sh.Run("%COMSPEC% /c icacls """ & fldr & """ | find /i """ & group _
  & """", 0, True)
If rc <> 0 Then sh.Run "icacls """ & fldr & """ /grant " & group & ":F"

For listing the permissions on a folder tree something like ntfsacls or AuditACLs.vbs might be a better choice, though.

---

icacls usage example:

icacls "C:\some\folder" /grant FOO\bar:(OI)(CI)RX Administrators:(OI)(CI)F

This will grant the group "bar" of the domain "FOO" read/execute permissions and the local group "Administrators" full access to the folder "C:\some\folder" and all of its subfolders that are configured to inherit permissions from their parent.

To run this command from VBScript with variables for the folder and groups you'd do this:

fldr = "C:\some\folder"
groupA = "FOO\bar"
groupB = "Administrators"

Set sh = CreateObject("WScript.Shell")

sh.Run "icacls """ & fldr & """ /grant " & groupA & ":(CI)(OI)RX " _
  & groupB & ":(CI)(OI)F"