I have a number of folders within user directories that have ended up with the wrong ACLs. I would like to find a way to use PowerShell (or a regular command prompt if that is easier) to remove the existing ACL and replace it with what it should inherit from its parent folder. The trick is that only the user that owns the folder has access to it (get-acl '.\folder' returns "Attempted to perform an unauthorized operation."). These folders all sit on a Windows Server 2003 Std system.
Try this:
#You have a textfile with FOLDER-paths
#$a = Get-Content d:\list.txt
#You have an array of FOLDER-paths
$a = #("d:\mytestfolder", "d:\my2ndtestfolder")
$a | % {
#Take ownership to admin-group
& TAKEOWN /F $_ /A /R /D Y
#Reset acl to default recursively
& ICACLS $_ /RESET /T /C
}
It turns out that this was much easier to accomplish with the regular command prompt tools. The attached script did what I needed in just a couple of lines:
#Echo Off
#Echo Taking ownership of files in %1
takeown /f %1 /r /d Y /a > :nul
#Echo Restoring default ACLs in %1
icacls %1 /reset /t /c > :nul
#Echo Restoring ownership of files to %2
subinacl /file %1 /setowner=%2 > :nul
subinacl /subdirectories %1\*.* /setowner=%2 > :nul
Related
I am currently migrating from a Unix FS to a Windows FS and i need to copy user folders.
I have created a robocopy script that is very simple with a few kinks here and there.
My script:
#echo off
set /p username=Enter Username to start copying files:
echo %username%
takeown /f \UNIXFS\users$%username%* /r /D N
timeout /t 3
robocopy \UNIXFS\users$%username% \WINDOWSFS\Production$%username% /S /E /B /Z /ZB /MT:64 /V /TEE /ETA /TS /R:5 /W:1 /BYTES /X /DEBUG /LOG:C:\Robocopy%username%.log
timeout /t 3
icacls \WINDOWSFS\Production$%username%* /grant:r domain%username%:(OI)(CI)F /T
pause
I have an input section asking me which user i would like to start copying files from and too.
i take owner ship from the user as the current domain admin, copy the files and give the user full permissions on the folder.
But the ownership is still for the domain admin and not the user chosen by the inputted user.
Therefor i have created a separate single command line bat file that will take the ownership of the folder when i log in to the users account.
Take ownership script to run on for the migrated user:
takeown /F \WindowsFS\Production$%username%* /r /D Y
is there a way i can combine these two script as one and just run this as a single script.
I have tried to just combine them both together but the last takeown command like just give the user that runs the script ownership, when you have to do this for a lot of users you don't want to manually input or run the takeown script one by one on all machines.
I want to store the result of powershell command in cmd variable as String : powershell -com "(ls | select -Last 1).FullName". How to do this?
CMD does not have a straightforward way of assigning command output to a variable. If the command produces just a single line you could use a for loop
for /f "delims=" %a in ('some_command /to /run') do #set "var=%a"
However, if the command produces multiple lines that will capture only the last line. A better approach would be redirecting the output of the command to a file and then reading that file into a variable:
set "tempfile=C:\temp\out.txt"
>"%tempfile%" some_command /to /run
set /p var=<"%tempfile%"
del /q "%tempfile%"
If you literally need only the last file in a directory you don't need to run PowerShell, though. That much CMD can do by itself:
for /f "delims=" %f in ('dir /a-d /b') do #set "var=%~ff"
Beware that you need to double the % characters when running this from a batch file.
A FOR loop can provide the path to the file. If the default directory sorting order is not the result needed, specify additional command line switches on the DIR command.
FOR /F "delims=" %F IN ('DIR /B') DO (SET "THE_FILE=%~fF")
ECHO THE_FILE is "%THE_FILE%"
In a .bat file script, double the percent characters on FOR loop variables.
FOR /F "delims=" %%F IN ('DIR /B') DO (SET "THE_FILE=%%~fF")
ECHO THE_FILE is "%THE_FILE%"
The .bat file scripts can also run PowerShell scripts. It is best practice to not use aliases such as ls in scripts.
FOR /F "delims=" %%F IN ('powershell -NoLogo -NoProfile -Command ^
"(Get-ChildItem -File | Select-Object -Last 1).FullName"') DO (SET "THE_FILE=%%~fF")
ECHO THE_FILE is "%THE_FILE%"
The problem with cmd here is that I want to get the full paths for
FOLDERs NOT recursive... this dir /ad /b doesn't give full paths and
this dir /ad /b /s does it recursively... – stakowerflol 2 hours ago
That's not a problem, you can return the full file path without recursing.
If you are changing directory to the path you need to check then it's stored in %CD%
If you need the path to whee the Script itself is it's stored in %~dp0
If you want to provide an argument to specify and arbitrary path and get all of the listings it will be that argument term (EG %~1)
With all three possible options you can do the same thing:
Either
Prepend the provided variable to the output of the chosen directory enumeration method
OR
Use a For loop to get the file names at that path and show the result with the full path.
IE
Jenkins_A_Dir.bat
#(
SETLOCAL
ECHO OFF
SET "_Last="
ECHO.%~1 | FIND /I ":\" > NUL && (
SET "_CheckHere=%~1"
)
IF NOT DEFINED _CheckHere (
SET "_CheckHere=C:\Default\Path\When\No Argument\Specified"
)
)
REM Use a For loop to get everything in one variable
FOR %%A IN (
"%_CheckHere%\*"
) DO (
SET "_Last=%%A"
)
ECHO.Found "%_Last%"
REM Use `FOR /F` with DIR, and append the path to Check:
SET "_Last="
FOR /F "Tokens=*" %%A IN ('
DIR /A-D /B "%_CheckHere%\*"
') DO (
SET "_Last=%_CheckHere%\%%A"
)
ECHO.Found "%_Last%"
Of course you don't NEED to have set a variable such as _CheckHere
Instead, you can just replace all of the instances of %_CheckHere% with `%~1 instead, that would work just fine in the above examples too.
Okay, what if you just wanted to check the location the script was running in.
Then either change the above to use SET "_CheckHere=%~dp0" or Replace %_CheckHere% with %~dp0 throughout.
Okay but what if you don't want to set a variable you want to it to use the current working directory.
When then, even easier:
Jenkins_Current_Dir.bat
#(
SETLOCAL
ECHO OFF
SET "_Last="
)
REM Use a For loop to get everything in one variable
FOR %%A IN (
"*"
) DO (
SET "_Last=%%~fA"
)
ECHO.Found "%_Last%"
REM Use `FOR /F` with DIR, and let it append the current working directory to the path:
SET "_Last="
FOR /F "Tokens=*" %%A IN ('
DIR /A-D /B "*"
') DO (
SET "_Last=%%~fA"
)
ECHO.Found "%_Last%"
I have a path in variable (script parameter) %2.
I need to do the following:
Extract the leaf (last folder from the path) to a variable.
Run the following command: robocopy %2 \\somepath\%leaf
I was told this could be done in PowerShell (cause I've tried going with batch file alone and failed miserably) Here's a pseudocode representation of what I'd like to achieve:
set leaf = powershell -command (split-path %2 -leaf)
robocopy %2 \\somepath\%leaf
Any idea how to write this correctly?
Thank you.
Whenever you want to set a batch variable to the output of a command, use for /f. Here's an example:
#echo off
setlocal
set "psCommand=powershell -command "(split-path '%~2' -leaf)""
for /f "delims=" %%I in ('%psCommand%') do set "leaf=%%I"
echo %leaf%
But this is a terribly inefficient way to retrieve the last folder of a path. Instead of invoking PowerShell, what you should do is this:
#echo off
setlocal
for %%I in ("%~2") do set "leaf=%%~nxI"
echo %leaf%
The %%~dpnxI notation gets
d = drive
p = path
n = name
x = extension
It's traditionally intended for files, rather than directories; but it works just as well for directories anyway. See the last couple of pages of for /? in a console window for complete details.
FOR %%a IN ("%~2") DO FOR %%b IN ("%%~dpa.") DO ECHO %%~nxb
Batch one-liner. Take the parameter (second parameter here), remove any quotes and re-apply them. Select the drive and path, add '.' then select the name and extension of the result making leaf required.
Obviously, if you require this in a variable,
FOR %%a IN ("%~2") DO FOR %%b IN ("%%~dpa.") DO set "leaf=%%~nxb"
I am using the following command to dump the complete file listings recursively from a directory.
dir /b /s c:\myfolder > c:\mylist.txt
This works fine but it is display the results with the full path as well, beacuse I am using a regex expression on the results I need them to display only the filenames.
Anyone any ideas?
Kind of an old question but if someone stumbles across this hoping for an answer, perhaps this will help them out.
Running this from the windows command line (CMD.exe) use:
setlocal enabledelayedexpansion
for /f "delims=" %a in ('dir /b /s c:\myfolder"') do (#echo %~nxa >>c:\mylist.txt)
endlocal
Running this from a windows .BAT script use:
setlocal enabledelayedexpansion
for /f "delims=" %%a in ('dir /b /s c:\myfolder"') do (#echo %%~nxa >>c:\mylist.txt)
endlocal
The output might look something like this depending on what files are in the folder you're running the code in:
file1.fil
file2.fil
file3.fil
UNDERSTANDING WHAT THE CODE IS DOING
for /f
means to run a loop through files in this case using the dir /b /s command to help get those files names from directories (folders) and subdirectories (subfolders). As stated in the question, this will give you complete paths to the files. So instead of file.txt you will get C:\folder\file.txt.
"delims="
in this case tells the for loop that it wants the variable %a or %%a
to only have 1 folderpath and filename for every loop.
%a (CMD.exe) %%a (.BAT)
as mentioned above is a variable that changes with each loop. so
everytime the command dir /b /s finds a new filename the variable
%%a changes to the filename.
example:
Loop 1: %%a = c:\folder\file1.fil
Loop 2: %%a = c:\folder\file2.fil
dir /b /s
is the command to print out the files of a directory (folder). By
using the /b and /s the questioner is adding additional criteria.
the command dir not only prints out the files and directories
(folders) in that directory (folder) but also some additional
information about the directory.
the /b tells the command dir that it doesn't want the additional
information.. just the filenames.
The /s tells the command dir to include all the files and
subdirectories (subfolders) in that folder.
do
is the part of the loop that tells what to do during that particular
loop. So in this case it is only doing this one command every loop
(#echo %%~nxa >>c:\mylist.txt)
#echo
is a simple command that prints out whatever you want either to your
computer screen or in this case to a txt file by using #echo %%~nxa
>>c:\mylist.txt
the >> before c:\mylist.txt is especially important. Every time a
loop happens it starts a new line in the txt file and writes the
variable to that line. If only one > is specified it will overwrite
the line in the txt file everytime the loop happens. Which will
defeat the purpose of what this script is designed to do.
%~nxa (CMD.exe) %%~nxa (.BAT)
is the variable %%a as mentioned above except it is parsed (edited)
out the way the questioner #fightstarr20 asked for. Instead of
printing out the variable as C:\myfolder\myfile.fil the variable
will print out as myfile.fil
the ~ in %%~nxa tells the program you want to modify the variable
%%a. In this case by adding n and x.
the n in %%~nxa tells the program you want to modify the variable %%a by
excluding the path from the variable.
example.
-variable %%a = C:\folder\filename.fil
-variable %%~na = filename.
-If you notice however that it leaves the extension .fil off of the filename.
the x in %%~nxa tells the program you want to modify the variable %%a
by excluding the path and the filename from the variable, so all you will get is the extension of the filename.
example.
-variable %%a = C:\folder\filename.fil
-variable %%~xa = .fil
so if you combine both of the modifiers n and x to the variable %%a
you will get the full filename including the extension.
example:
-variable %%a = c:\folder\filename.fil
-variable %%~nxa = filename.fil
setlocal enabledelayedexpansion
explained simply is a command that needs to be in the script before
the for loop in order to allow the variable %%a to be modified or "expanded".
endlocal
this turns off the setlocal enabledelayedexpansion command
To get a very helpful explanation and reference for CMD commands I recommend reading ss64.com and for a great forum to get CMD answers I'd recommend dostips.com
Change your regex to get the filename from the entire path.
If you can use powershell, look at Get-ChildItem. You can have more powerful options with it.
Use it like this
dir /b /s C:\myfolder>C:\temp.txt
echo exit>>C:\temp.txt
goto loop
:loop
set /p _x=<temp.txt
findstr /v /c:"%_x%" temp.txt>temp2.txt
type temp2.txt>temp.txt
set _x=%_x:*\=%
echo %_x%>file.txt
if "%_x%" == "exit" (
del temp.txt
del temp2.txt
exit
)
goto loop
You can use for instead of goto if you like, but it will be basicaly the same.
Sorry about the last one...
I know I'm a bit late, but it hurts me that nobody said to take away the /s
dir /b c:\myfolder > c:\mylist.txt
That should do it.
This would surely work, as it works for me.
dir D:(Path to files) /s /b >d:\filelist.txt
You can just use this code:
dir /b > A_fileslist.txt
Copy inside a notepad editor and save as "Fileslist.bat".
REM Detect how many files are on the C: drive
dir /s /b C:\ |find /c "\" > NUMfiles.###
set /p count1=<NUMfiles.###
##### TEMP FILES DELETED HERE, RUN CCLEANER, RUN MBAM, ETC #####
REM Calculate Total Files Deleted
dir /s /b C:\ |find /c "\" > NUMfiles.###
set /p count2=<NUMfiles.###
set /a count3=%count1% - %count2%
echo Number of files removed: %count3%
This doesn't seem to be giving me an accurate reading. Can anyone help?
I do a manual check via command line using the 'dir /s /b C:\ |find /c "\"' before the script, and at the end. And the output from '%count3% isn't accurate from my subtraction from the manual checks. Hope you understand my question.
Yes, as snemarch montined, the fact that you list everything and temporary files could as well be added/deleted by another process meanwhile invalidate the entire effort.
On a side note, adding "/a-d" to the "dir" command would remove the directories from being listed, thus not needing VonC's "find /v "" addition to the process, if you insist on checking files only.
Could you not check file while they get deleted instead? Not sure what you use this for but you definately need to rethink the way from source, the deleting part.
My suggestion.
If you must iterate on the all content, this command line might be more precise to list the number of files (files, not directories):
dir /a /s /OG C:\ |find /v "<DIR>" | find /c "M "
Off course, this assume a dir does display 'AM ' or 'PM '.
If it does not, the following should works better:
dir /a /s /OG C:\ |find /v "<DIR>" | find /c "/"