For what it’s worth, they fixed the copy problem and didn’t need my fix, but because it does work, here’s what the drama was.
We’re moving 300 odd folders, all named for the group that uses them, from one server to another. For security, each folder has a windows domain group named ‘IPS-GROUP’ (not really, but you get the idea). Only that domain group has access to the folder. I got a call asking me to reset the permissions on them. Manually. I flipped out for about a minute and bitched on Twitter. Then I sat down to code.
I used DOS because, due to another ongoing project, I’m probably the youngest person this familiar with it in my company. I knew I could do it in *nix pretty fast with a for loop, and I remembered a snippet of code I had out there for CACLs and I came up with this:
dir/b C:\temp\TEST > C:\temp\tlalist.txt cd C:\temp\TEST for /F %a IN (C:\temp\tlalist.txt) DO CACLS %a /E /G IPS-%a:F
So assuming that all your folders are in C:\Temp\TEST, what this does is make a list of all the folders, by name, and spits it into a file. Then you move to the directory and run the for loop, which says that for every line in the doc you made (each line is a folder name, remember), add the group IPS-foldername to the permissions with full rights.(You can chose whatever permissions you want. I suggest http://www.computerhope.com/cacls.htm as a resource.)
Now, this ONLY worked because on my server, the folder name and the group names are mostly the same. A couple are not, but the script kicked this out:
C:\temp\TEST>CACLS FOO /E /G IPS-FOO:F No mapping between account names and security IDs was done.
That let me go back and manually fix the ten or so that failed.
I hope this helps someone else down the line!