This simple batch file resets the inheritance on users folders and then grants them “modify” using the builtin icacls.exe. This script does not address issues which require you to take ownership — I will post one that does that soon.
@Echo Off Pushd \\path\USERS\ for /d %%u in (*.*) do echo ICACLS %%~fu /reset /t /c &echo ICACLS %%~du\%%u /grant %%u:M /t /c popd pause
I added the “echo” command so you can see what it is doing — remove “echo” when you are ready to run it.
Remember that the variable character for batch files is the percentage sign “%” which must be escaped with a second percentage sign inside a batch file. So if you intend to run this from a command line, you would need to use only a single percentage sign for each variable.
PushD does a temporary drive mapping and changes you to the folder. Popd is the undo for PushD. Both are available inside of PowerShell.
The “FOR” command reads like this: For each directory assign the variable %u. Run iCacls to reset security, traversing the folders and continuing on errors. The expression %~fu expands %u to a fully qualified path name. The semi-colon allows multiple commands to be stacked. The next iCacls command grants the user modify based on the assumption that the username and folder name are the same. %~du expands %u to a drive letter only – here, the temporary drive you got from the pushd command.
Variable assignments in the batch for command are case sensitive. If you run “FOR /?” from a command line, you will see a long list of interesting things that the tilde modifier can do with a batch variable.