In October of last year, I updated ExFolders with a new Clear Permissions option in order to fix folders with non-canonical ACLs. I described that update in an old blog post you can find here: http://blogs.technet.com/b/bill_long/archive/2012/05/03/3460823.aspx.
Since then, one of the most requested features has been a way to run this on a whole subtree of folders. Unfortunately, it appears that customers are seeing ACL problems more often than I expected. So today, I’ve released a new build of ExFolders that includes a way to do this. In the latest version, when you go to Tools->Custom Bulk Operation and you hit Add, you’ll find an option to Clear Folder Permissions.
One of the reasons I didn’t add this feature initially is that it is such a destructive operation. Clearing the permissions on a whole tree of folders is not something to do casually without considering the consequences. In a mailbox, you are taking away permissions on folders that users have purposely shared out. In public folders, you are literally removing all access rights for everyone, making it impossible for your clients to access the public folders.
However, when you add the Clear Folder Permissions bulk operation, you’ll notice it has a checkbox, which is selected by default, called Restore previous permissions after clearing. When this is selected, ExFolders will clear the permissions and save those changes, and then it will attempt to set the permissions that were present before and save the changes again. This should allow it to fix non-canonical ACLs without requiring the administrator to set all the permissions back the way they were before.
Of course, as with any bulk permissions change, it’s a good idea to take a permissions export first just in case something goes wrong. However, I expect this option will make importing after a mass Clear Permissions unnecessary in most cases. And because this option is selected by default, I’m hoping that if someone accidentally runs this against a set of folders, the impact will be minimal.