Having recently purchased a new server to host some client sites on, I wanted to set up an easy way to set the Umbraco folder permissions.
After a quick search, I came across a couple of great posts by Chris Houston, “Umbraco directory permissions | umbPermissions Script” and “Using the Windows Explorer Context Menu to reset Umbraco Directory Permissions”.
Ordinarily, I’d just set things up as Chris suggested and be done, but I have a real pet peeve of not wanting to install things on my server that I really don’t need to. Now, I couldn’t find an alternative to using SetACL, so that was ok to stay, but as good as it is, I really didn’t like the idea of installing the File Menu Tools app on my server.
After another quick search, I came across a post on Microsoft’s forums on how to add a batch file to the context menu by modifying the registry, so I decided to go this route instead. What follows are instructions on how to do the same.
As per Chris’ post, you’ll want to start by installing SetACL (I’ll assume you’ve set this up in a folder called “SetACL” directly on your C drive) as well as grabbing a copy of Chris’ script and saving it in the same folder (I’ll assume you’ve named this “SetUmbracoPermissions.bat”).
Now, my method works in a slightly different way to Chris’, so you will need to make a few alterations to Chris’ script to get it to work. With Chris’ method, the path to the root directory is passed in to the batch file as a parameter, whereas in my method, the batch file gets run as if you had called it from the root directory itself. To compensate for this, you’ll need to set the full path to the SetACL executable, and change the target paths to grab the current directory dynamically, as follows:
C:\SetACL\SetACL.exe -on "%CD%\web.config" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\bin" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\config" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\css" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\data" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\masterpages" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\scripts" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\umbraco" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\umbraco_client" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\usercontrols" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
C:\SetACL\SetACL.exe -on "%CD%\xslt" -ot file -actn ace -ace "n:%computername%\NETWORK SERVICE;p:full"
Once you have this set up, you can then add the context menu item by adding the following registry key:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\Background\shell\Set Umbraco Permissions]

[HKEY_CLASSES_ROOT\Directory\Background\shell\Set Umbraco Permissions\command]
@="C:\\SetACL\\SetUmbracoPermissions.bat"
Tip: If you copy the above to a text file and save it with a .reg extension, you can simply double-click it to add the registry entry.
Once that’s set up, you should be able to right-click within the root of a site and select “Set Umbraco Permissions” to automatically set up the relevant Umbraco folder permissions.
UPDATE – August 2, 2010 15:17
Ain’t it always the way, as soon as you publish your solution, someone comes up with a better one =)
Thanks to Sebastiaan Janssen and Ove Anderson there is now an even simpler solution.
Simply copy this script (a slightly modified version of the one on this wiki page, changed to allow it to be called from the context menu):
icacls %1 /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\app_code /grant "NETWORK SERVICE":(OI)(CI)RX
icacls %1\app_browsers /grant "NETWORK SERVICE":(OI)(CI)RX
icacls %1\app_data /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\bin /grant "NETWORK SERVICE":(OI)(CI)R
icacls %1\config /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\css /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\data /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\masterpages /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\media /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\python /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\scripts /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\umbraco /grant "NETWORK SERVICE":(OI)(CI)R
icacls %1\usercontrols /grant "NETWORK SERVICE":(OI)(CI)R
icacls %1\xslt /grant "NETWORK SERVICE":(OI)(CI)M
icacls %1\web.config /grant "NETWORK SERVICE":(OI)(CI)M
And drop it in the following location:
C:\Users\[YOUR_USERNAME]\AppData\Roaming\Microsoft\Windows\SendTo\SetUmbracoPermissions.bat
You should now be able to right-click on the root folder and select “Send to > SetUmbracoPermissions.bat” to set up the relevant permissions.
As noted on the wiki page, if you are using Windows Server 2008, you’ll need to change NETWORK SERVICE to your app pool’s identity. If you want to make it more reusable, though, you could change it to IIS_IUSRS instead, which would allow all app pool identities to have access. That is a little less secure, but it means you can use the same script on any directory.
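A read-only check to run after either script, added here as an example rather than taken from the post or the wiki page: it lists the ACEs where the chosen identity holds more than the right the updated icacls script assigns to that path. The `-SiteRoot` and `-Identity` parameter names are assumptions made for this example.

```powershell
# Added example (not from the original post): report where an identity holds
# more rights than the icacls script above intends (M = Modify, RX, R).
param(
    [Parameter(Mandatory)][string]$SiteRoot,
    # Assumption: NETWORK SERVICE as in the post; pass your app pool identity instead.
    [string]$Identity = 'NT AUTHORITY\NETWORK SERVICE'
)

# Relative path -> the right the script grants ('.' is the site root itself).
$expected = [ordered]@{
    '.'            = 'Modify'
    'app_code'     = 'ReadAndExecute'
    'app_browsers' = 'ReadAndExecute'
    'app_data'     = 'Modify'
    'bin'          = 'Read'
    'config'       = 'Modify'
    'css'          = 'Modify'
    'data'         = 'Modify'
    'masterpages'  = 'Modify'
    'media'        = 'Modify'
    'python'       = 'Modify'
    'scripts'      = 'Modify'
    'umbraco'      = 'Read'
    'usercontrols' = 'Read'
    'xslt'         = 'Modify'
    'web.config'   = 'Modify'
}

foreach ($rel in $expected.Keys) {
    $path = Join-Path -Path $SiteRoot -ChildPath $rel
    if (-not (Test-Path -LiteralPath $path)) { continue }   # not every site has every folder

    # Synchronize accompanies every icacls grant, so it is not counted as excess.
    $allowed = [int][System.Security.AccessControl.FileSystemRights]"$($expected[$rel]), Synchronize"

    (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $Identity } |
        ForEach-Object {
            # Bits present in the ACE that the expected right does not include.
            $excess = [int]$_.FileSystemRights -band (-bnot $allowed)
            if ($excess -ne 0) {
                [pscustomobject]@{
                    Path = $path; Expected = $expected[$rel]
                    Actual = $_.FileSystemRights; Inherited = $_.IsInherited
                }
            }
        }
}
```

Because the root grant of M carries (OI)(CI), child folders inherit Modify unless inheritance is disabled on them, so `bin`, `umbraco` and `usercontrols` will normally be reported with `Inherited = True` despite their explicit R grants.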
Hey Matt,
I also hate having to install things on the server (my only exception is AgentRansack and 7zip since they are so incredibly useful).
For our permissions we use a batch script that uses Windows’ built-in “icacls” command and we’ve added it to the “Send to” menu to prevent editing of the registry (another thing I never like to do on a server).
The syntax to give the /data folder is like this:
icacls %1\data\ /grant "NETWORK SERVICE":(OI)(CI)F
Just replace /data with all the other needed folders, put it in a batch script and copy that script to: C:\Users\\AppData\Roaming\Microsoft\Windows\SendTo
No more dependency on SetACL, yay!
Sweet!
Thanks Sebastiaan, I will definitely give that a try.
Matt
It might be worth noting that the F at the end of Sebastiaan’s snippet grants Full permission, not something you should need very often.
There is a good explanation of icacls on http://ss64.com/nt/icacls.html