s_Modify_Permissions

::Modify Permissions
:: Purpose:         Change Directory or File permissions using CACLS.
::                  Act as a wrapper for CACLS to allow quick permission
::                  changes, a bit like changing attributes with "A".
:: Author:          Andrew Penfold
:: Version:         2008-06-11 v0.1.2
:: ZTW ver:         1.71
:: OS version:      Windows XP SP3
:: Requires:        Windows 2000 or above, uses CACLS.exe
:: Usage:           1. Select the directory or file using the highlight bar.
::                  2. F9 --> Choose Modify Permissions from ZAM
::                  3. Enter account name to add/modify in the ACL - see notes
::                  4. Enter permission as N/R/W/C or F - see notes
:: Note:            * Several abbreviations are available for account name
::                    e.g. Users or U --> BUILTIN\Users
::                         John.Doe   --> %Local computer%\John.Doe
::                    Otherwise you can use Domain\User or User@Domain
::                  * CACLS is limited to a few "Permission groups"
::                    N - No access / Deny access
::                    R - Read (Read/Execute existing files/folders)
::                    W - Write (Create new files/folders)
::                    C - Change (Read/Write/Execute/Delete files/folders)
::                    F - Full Control (Read/Write/Execute/Delete/
::                        Change Permissions/Take Ownership)
::                    F includes RWC, C includes RW but W does not include R
::                    TO SIMPLIFY THINGS, IF YOU APPLY W, R IS APPLIED AS WELL
::                    If you specify no permission, you will get a help screen
::                  * Both CACLS.exe and XCACLS.exe - Resource Kit - have known
::                    limitations - google them!
::                    If you add an Access Control Entry, ACE to a folder that
::                    has it's inheritance flag set, sometimes that flag is
::                    cleared and the inherited permissions copied directly
::                    to the folder. Sub-folders sometimes do not inherit as
::                    expected after  using CACLS or XCACLS.
::                  * Use this script as a quick way to assign a permission
::                    or 2 without leaving Ztreewin.  Later, check the
::                    result of this using Explorer --> Sharing / Security
:: History:         2008-06-10 - v0.1.1 first version posted.
::                  2008-06-11 - v0.1.2 More account shortcuts added,
::                                      Creator owner now works.

::Requre command extensions
setlocal enableextensions enabledelayedexpansion
if "%CMDEXTVERSION%" == "" goto error1

::Require at least command extensions version 2
if not CMDEXTVERSION 2 goto error1

::#ZTExit
::#ZTSet Account Account (enter for current):
::#ZTSet Perm Permission (N/R/W/C/F):
SET ZTMode=File
::#ZTIfDir SET ZTMode=Dir

::Verify Account and apply some shortcuts
if "%Account%"=="" set Account=%USERDOMAIN%\%USERNAME%
::Groups
if /I "%Account%" EQU "Users" set Account=BUILTIN\Users&&goto account_ok
if /I "%Account%" EQU "U" set Account=BUILTIN\Users&&goto account_ok
if /I "%Account%" EQU "Power Users" set Account=BUILTIN\Power Users&&goto account_ok
if /I "%Account%" EQU "P" set Account=BUILTIN\Power Users&&goto account_ok
if /I "%Account%" EQU "Administrators" set Account=BUILTIN\Administrators&&goto account_ok
if /I "%Account%" EQU "A" set Account=BUILTIN\Administrators&&goto account_ok
if /I "%Account%" EQU "Everyone" set Account=Everyone&&goto account_ok
if /I "%Account%" EQU "E" set Account=Everyone&&goto account_ok
if /I "%Account%" EQU "Guests" set Account=BUILTIN\Guests&&goto account_ok
if /I "%Account%" EQU "G" set Account=BUILTIN\Guests&&goto account_ok
if /I "%Account%" EQU "Interactive" set Account=NT AUTHORITY\Interactive&&goto account_ok
if /I "%Account%" EQU "I" set Account=NT AUTHORITY\Interactive&&goto account_ok
if /I "%Account%" EQU "Terminal Server User" set Account=NT AUTHORITY\Terminal Server User&&goto account_ok
if /I "%Account%" EQU "T" set Account=NT AUTHORITY\Terminal Server User&&goto account_ok
if /I "%Account%" EQU "Backup Operators" set Account=BUILTIN\Backup Operators&&goto account_ok
if /I "%Account%" EQU "B" set Account=BUILTIN\Backup Operators&&goto account_ok
::Accounts
if /I "%Account%" EQU "System" set Account=NT AUTHORITY\System&&goto account_ok
if /I "%Account%" EQU "S" set Account=NT AUTHORITY\System&&goto account_ok
if /I "%Account%" EQU "Local Service" set Account=NT AUTHORITY\Local Service&&goto account_ok
if /I "%Account%" EQU "L" set Account=NT AUTHORITY\Local Service&&goto account_ok
if /I "%Account%" EQU "Network Service" set Account=NT AUTHORITY\Network Service&&goto account_ok
if /I "%Account%" EQU "N" set Account=NT AUTHORITY\Network Service&&goto account_ok
::Inheritance placeholders
if /I "%Account%" EQU "CREATOR OWNER" set Account=CREATOR OWNER&&goto account_ok
if /I "%Account%" EQU "C" set Account=CREATOR OWNER&&goto account_ok
if /I "%Account%" EQU "CREATOR GROUP" set Account=CREATOR GROUP&&goto account_ok

echo %Account% | find /c "\" >NUL
if errorlevel 1 (
	echo %Account% | find /c "@" >NUL
	if errorlevel 1 (
		set Account=%USERDOMAIN%\%Account%
	)
)
:account_ok

::Verify Perm
if /I "%Perm%" EQU "N" goto :perm_ok
if /I "%Perm%" EQU "R" goto :perm_ok
if /I "%Perm%" EQU "W" goto :perm_ok
if /I "%Perm%" EQU "C" goto :perm_ok
if /I "%Perm%" EQU "F" goto :perm_ok
goto error2
:perm_ok

::Prompt to confirm if user is setting permissions on a file instead of folder
set Confirm=
if "%ZTMode%"=="File" (
    echo WARNING: %1 is a file
	echo.
    set /p Confirm=Are you sure Y/N:
    if /I "!Confirm!" NEQ "Y" goto :eof
)

::Find owner of the file or folder
call :Get_Owner %1

::Check whether user will lock himself out of further permission changes
set Confirm=
if /I "%USERDOMAIN%\%USERNAME%" NEQ "%Get_Owner%" (
	if /I "%USERDOMAIN%\%USERNAME%" EQU "%Account%" (
		if /I "%Perm%" NEQ "F" (
			cacls %1
			echo WARNING: You are not the owner of the above %ZTMode%
			echo.
			echo After you make this change you MAY lose permission to make further changes to
			echo it's Access Control List, unless you are a member of one of the groups listed
			echo above that has "Full Control" or "Change Permissions"
			echo You would have to take ownership of it to remedy the situation
			echo.
			set /p Confirm=Are you sure Y/N:
			if /I "!Confirm!" NEQ "Y" goto :eof
		)
	)
)

::Change permission using CACLS
CACLS %1 /e /p "%Account%":%Perm%
if /I "%Perm%"=="W" CACLS %1 /e /g "%Account%":R

if errorlevel 1 pause
goto :eof

:error1
echo Command Extensions must be enabled!
echo CMDEXTVERSION = %CMDEXTVERSION%, need at least version 2.
pause
goto :eof

:error2
echo Permission must be one of the following permission groups:
echo N - No access / Deny access
echo R - Read (Read/Execute existing files/folders)
echo W - Write (Read/Execute existing files/folders, create new files/folders)
echo C - Change (Read/Write/Execute/Delete files/folders)
echo F - Full Control (Read/Write/Execute/Delete/Change Permissions/Take Ownership)
echo.
pause
goto :eof

:Get_Owner
@echo off
::Get the owner of a file or folder (apart from root folder)
set Get_owner=
for /f "tokens=4,* delims= " %%%%a in ('dir /a /q %%1\..') do (
	if /I "%%%%b" EQU "%%~nx1" set Get_Owner=%%%%a
)
exit /b