Help me to create 2 patch files to set permissions on all drives


  1. leprince2007
    Posts : 12
    Windows 7 pro x64
       New #1

    Help me to create 2 patch files to set permissions on all drives


    I want to create a batch file to grant current user"Leprince2007" full access for all partitions "d-e-f-g-h"
    I put this code in ".bat" file.Is this right?
    Code:
    takeown /f D: /r /d y
takeown /f E: /r /d y
takeown /f F: /r /d y
takeown /f G: /r /d y
takeown /f H: /r /d y
    I want to create another patch file to block guest from opening partition "D" and grant him read-only access for other partitions "e-f-g-h"
    I put this code in ".bat" file.Is this right?
    Code:
    icacls D: /grant Guest:N /T​
icacls E: /grant Guest:R /T​
icacls F: /grant Guest:R /T​
icacls G: /grant Guest:R /T​
icacls H: /grant Guest:R /T​
    Questions:
    1-Please tell me if there is any mistakes in my codes
    2-Will the batch files apply all codes ?
    3-How can I run all the codes in the batch file at the same time?because every code takes a lot of time to accomplish the task
    Last edited by leprince2007; 01 Mar 2018 at 01:21.
      My Computer
    Quote Quote

  3. mrjimphelps
    Posts : 1,784
    Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
       New #2

    The "takeown" example looks good to me, although I've never used the takeown command. But I do have a huge amount of experience with batch files, and your batch file code looks good. I'm not sure about the icacls code.

    Wouldn't it be easier to create two user accounts, each with the desired access and limitations, with no password required on the guest account; and then make sure you log off when you leave the computer? In this way, the only thing a user other than you could do is log in as guest with the extremely limited rights.
      My Computer
    Quote Quote

  4. leprince2007
    Posts : 12
    Windows 7 pro x64
    Thread Starter
       New #3

    mrjimphelps said:
    The "takeown" example looks good to me, although I've never used the takeown command. But I do have a huge amount of experience with batch files, and your batch file code looks good. I'm not sure about the icacls code.

    Wouldn't it be easier to create two user accounts, each with the desired access and limitations, with no password required on the guest account; and then make sure you log off when you leave the computer? In this way, the only thing a user other than you could do is log in as guest with the extremely limited rights.
    But how can I do what I want using 2 accounts?
    Guest can add,delete,copy and move files
      My Computer
    Quote Quote

  6. TechnoMage2016
    Posts : 714
    Win 7 Pro, SP1, x86, Win-11/Pro/64
       New #4

    It's not always necessary to have 100% access to every file in the computer. But there are some files that you may want to have ready access to, especially if you're a programmer, guru, geek or just plain PC enthusiast.

    And I'm sure you meant "BATCH" files and not "patch" files. Eh? Just so we're on the same page and speaking the same language.

    But, since I'm a computer tech and I do have to work with a lot of files in the PC, especially in Windows 7,8.1 and 10, one of the very first things I do when setting up a new OS, is to install the "Grant Admin Full Control" program. Then I can right click on any file or folder and take ownership of it.
    It's a very simple program, easy to install and it's FREE! And it causes no problems with other programs on the PC. I call it "Take Ownership" on Steroids!

    Cheers mate!
    TechnoMage
      My Computer
    Quote Quote

  7. mrjimphelps
    Posts : 1,784
    Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
       New #5

    leprince2007 said:
    But how can I do what I want using 2 accounts?
    Guest can add,delete,copy and move files
    First, you do what TechnoMage suggested - log in as administrator, and take administrative control of all folders. My thought is that by doing this, the administrator account you are logged in on will then own all folders, and no one else will. In other words, you will block all other users from being able to access any folders.

    If this is correct, then all you need to do after that is give the desired access to each user, because once you have taken away all access, the only thing that they will be able to access is what you specifically give them.

    This applies only to the data files. Don't take away anyone's access to their own user profiles.

    @TechnoMage2016, am I correct about this?
      My Computer
    Quote Quote

  8. TechnoMage2016
    Posts : 714
    Win 7 Pro, SP1, x86, Win-11/Pro/64
       New #6

    mrjimphelps said:
    First, you do what TechnoMage suggested - log in as administrator, and take administrative control of all folders. My thought is that by doing this, the administrator account you are logged in on will then own all folders, and no one else will. In other words, you will block all other users from being able to access any folders.
    If this is correct, then all you need to do after that is give the desired access to each user, because once you have taken away all access, the only thing that they will be able to access is what you specifically give them.
    This applies only to the data files. Don't take away anyone's access to their own user profiles.
    @TechnoMage2016, am I correct about this?
    I would hope that anyone using this forum would always be logged into their own PC as the Administrator. Eh? So that should go unsaid. Using "Grant Admin Full Control" goes beyond the control normally given to the normal "Administrator". For instance, just being the only user on a system, and having so called "Administrator Privileges" does not give me the rights I need to move, delete, or rename files considered to be "System files".

    Let me give an example: When installing Windows 10, I don't want 'Cortana' running in the background and scooping up info on me and reporting it to MS, as I've heard that it can and will. That's my personal preference! So after some experimenting, I found that if I just rename the 'Cortana.Core.dll' file to something like 'Cortana.Core.kkk' then the file cannot load and run and Cortana is subsequently disabled, without disabling any other programs that may also use some of the files related to Cortana.

    But it's a more or less Protected file, and until I take ownership of it, using Grant Admin Full Control, I can't do anything with it at all.
    So my process is to first navigate, with Windows Explorer, to the file, "C:\Windows\SystemApps\Microsoft.Windows.Cortana_CW5n1h2txyewy\Cortana.Core.dll"

    I then right click on the file and select Grant Admin Full control from the drop-down menu. Then I can right click on the file again and select "Rename" and change the extension to something non-executable.
    Now the file is effectively DEAD, and I no longer have Cortana running in the background.

    So I suggest that everyone who wants to fuss around with their computer, install the program "Grant Admin Full Control" and then only take ownership of those files you really need to have control over.
    It's counter productive, and very time consuming, to try to take ownership of the entire computer and all it's thousands of files.

    Just my thoughts.....

    Cheers Mates!
      My Computer
    Quote Quote

  10. mrjimphelps
    Posts : 1,784
    Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
       New #7

    Thanks for that explanation.

    A further question: How can the OP limit the guest user to read-only access for the drives he listed? I'm pretty sure that the guest user has read and write access by default to all drives and folders which are not (1) Windows system folders and (2) the folders in other users' profiles. So is there a way to restrict the guest user to read-only access for all of the drives and folders that aren't included in (1) and (2)?
      My Computer
    Quote Quote

  11. Barman58
    Posts : 31,250
    Windows 11 Pro x64 [Latest Release and Release Preview]
       New #8

    If you fully understand the whole concept of and have a good bit of experience with, the practical procedures you can set up any access system you wish, without the total destruction of the system security of the operating system. The way that XP was set-up was totally inadequate for the current security threats to each and every computer user.

    You should never run as the Full admin user (linux calls it Root access), for longer than the absolute minimum time possible to correct a serious access fault.

    If you revert the rights to those used in XP and run as administrator you are giving those full rights to lock, delete, or anything else, to each and every piece of malware that gets through your AV system. a virus or any other malware runs with the rights of the user logged in at the time of infection.

    Vista brought in the tokenized Admin user to replicate the system used by professional network systems admins - You run two accounts, one standard for use for all day to day work and one admin for the times when you are dealing with admin matters. This has been developed further in Windows 7 and more modern windows versions to deal with the threats to security in the current decade and century.

    If you need more access to system activities you elevate rights using Run as Administrator and OK the virtualized access.

    On a standard windows system, as designed, a guest account should only have access to files on the Users - Public - folders. you can then add access rights to folders on other drives required by selecting the root of the drive, (or any suitable sub branch), and add the Guest user to the list and allocate the access rights with read and navigate rights only and let these cascade down the tree. You may have issues where the Everyone user has rights greater than is needed for guest but the everyone right may be removed as long as you have already set up rights for admin accounts or even better the actual user who you will be specifically logged in as .

    It's not as simple as simply removing all the carefully set up safety and security built into the OS, and it will take a longer time to, learn the practical skills, and apply the rights manually, (or semi Auto), but it will produce a system that is less likely to fall apart
      My Computers
    Quote Quote

  12. mrjimphelps
    Posts : 1,784
    Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
       New #9

    Barman58 said:
    On a standard windows system, as designed, a guest account should only have access to files on the Users - Public - folders. you can then add access rights to folders on other drives required by selecting the root of the drive, (or any suitable sub branch), and add the Guest user to the list and allocate the access rights with read and navigate rights only and let these cascade down the tree. You may have issues where the Everyone user has rights greater than is needed for guest but the everyone right may be removed as long as you have already set up rights for admin accounts or even better the actual user who you will be specifically logged in as.
    That's what I wanted to know. Thank you.
      My Computer
    Quote Quote

 

  Related Discussions
What are These Windows Patch Files?
in Windows Updates & Activation

I was scanning my windows drive to see if I could get rid of unused files and I came across a very large folder (around 11gb) called c:/windows/installer and it contains many subfolders with around 3,000 files total. They are Windows Installer Package or Windows Installer Patch types. Are they...
I just did another fresh W7 install to be able to create a System Image. The creation of this went fine. I decided to look into the folder tree for WindowsImageBackup. I had to click CONTINUE when prompted that I did not have permission to view the folders. Now, when I go to restore, it...
My span is currently two 2TB and one 1TB disks. So I have a "virtual" 5TB hard drive. If I purchase a 4TB drive will Windows be able to add that to the span? I have a feeling since the 4TB drive needs to be partitioned as GPT (and the others don't) it might not work. Spans also require the...
Wondering if anyone in this forum can help me figure out what I am doing wrong with my script. I am grabbing a text file with a list of users in it. I want to then create folders for all those people and then set explicit permissions on those folders to only allow the users and admin access to it....
I'm running Win 7/64 Home Premium on my media PC with 7 USB drives, all connected via a powered hub. Whenever I reboot (warm or cold), the sharing permissions are lost, generally to all, although every so often one of the WD drives will maintain it (the Seagate ones always lose them). I've...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 07:19.
Find Us