Changing permissions on several folders

Today's tweet reminded me of a large issue I tackled last year working with folder permissions which were improperly setup. There were over 3000 user profile folders with the User group with inherited read.

Basically, I tackled it as such:
1. Run ICACLS to remove inheritance on the folders and setup proper permissions.
2. Remove undesirable permissions on the root folder via the NAS command-line, setting up proper permissions for newly created folders.

This worked really well, and I was able to multi-thread several scripts running on different groups of user folders. It took a few days, but we got the errant folder settings corrected, without service interruption.