Question

Filesyetemobject get folder size permissions problem

Asked by: marklye

Hi experts

I have a vbscript written that gathers directory sizes.  My problem is if I am trying to get the size of a directory, and I dont have NTFS permissions to one of its sub directories or files, the script fails with Permission Denied.  Fair enough really!  A simple version of code is:

set fso=createobject("scripting.filesystemobject")
set getfol=fso.getfolder("\\SERVER1\E$\FOLDER")
wscript.echo getfol.Size

But my question is, I have installed TreeSize (http://www.jam-software.com/treesize/), and that is able to iterate through the directory structure, regardless of permissions.  How does it do it???  I am domain admins for my domain, and cannot even UNC to some directories that TreeSize is able to view

It must be using some system account of sorts?  How can I run my script using the permissions that TreeSize uses?

I have tried numerous ways of running my script, including runas command, creating a scheduled task to run under NTAUTHORITY account, I have tried running on the actual server Im trying to interogate and more.   Help!

Thanks a million
Mark

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-09-02 at 01:32:17ID23695209
Tags

vbscript visual basic .net

Topics

Programming Languages

,

Visual Basic Programming

,

VB Script

Participating Experts
3
Points
125
Comments
18

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. VBScript questions - createobject
    1) The following statement works in an ASP Set oRead = CreateObject("MSWC.IISLog") 2) When I convert it to a VBScript file and execute it on the command line with the vbs extensions, the following error message is returned: "object required Server" M...
  2. Permission Denied: 'CreateObject'!
    Hello, I have an ASP site that generates Excel reports. In fact I am using the "Excel.Application". I can generate the reports without any problems on my development machine. But one of the test servers failed to do that, I am getting the following error: Error Typ...
  3. VBS Script  Microsoft VBScript runtime error: Permission d…
    I created a small vbs script as per below, it resides on a 2003 Terminal server. i can run the script without issue and so could the receptionist. However now when the receptionist runs it she gets the following message: X:\directory\rename.vbs(3, 1) Microsoft VBScript runti...
  4. Comspec to Wscript.echo
    Is there a way I can output a command from the command line to a window using wscript.echo? I tried the code below, but it returns a value of 0. Is this possible?
  5. vbscript getting permission denied error when checking fold…
    I have a simple vbscript that checks folder size of given folder. It works fine on a local folder, but gives a permission denied error on some network folders. If I use Windows to get the folder size (right click > properties) it works fine. The folder that I am checking i...
  6. VBScript to modify permissions
    I am attempting to create a script to modify the permissions of existing folders. These folders are scattered throughout the hard drive and can be anywhere. The objective is to find all folders named 'Obsolete Drawings', and add deny permissions for the group 'DeniedAcces...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: merowingerPosted on 2008-09-02 at 01:43:10ID: 22365200

Hi marklye,

i don't know if this will work, but the commandline tool schtasks.exe can create scheduled tasks which run in context from the useraccount "local system"

best regards
merowinger

SCHTASKS /CREATE /RU System /SC ONCE /ST 10:45:00 /TN "Test" /TR "C:\yourscript.vbs"

                                              
1:

Select allOpen in new window

 

by: marklyePosted on 2008-09-02 at 02:20:15ID: 22365389

Hi merowinger

Thanks for reply.  No joy, I have tried by running under system account using both schtasks and the AT command.  Both do not work

Also, I forgot to add, these servers are on different active directory domain. Could there be some group policy treesize adds itself in to??  Seems strange though

Cheers
Mark

 

by: merowingerPosted on 2008-09-02 at 02:25:53ID: 22365428

 

by: c0ldfyr3Posted on 2008-09-02 at 02:28:54ID: 22365444

Have you considered the thought that maybe TreeSize goes down the tree first and gets the sizes of each of the lowest level folders and works it's way back up, ignoring folders it has no access to? I imagine this is what it does, as if you just try and get the size of the topmost folder you'll get a permission denied error straight away.

 

by: marklyePosted on 2008-09-02 at 02:38:20ID: 22365500

merowinger

cmdassys.exe - is the same as running a scheduled task under SYSTEM account
diruse - I can give it a go, but even running a simple dir command under system account does not work

c0ldfyr3

Yes I have consider this. However, when you view through the GUI, you can navigate to the directories, and view the contents of directories that I have no permission to, so it does capture it all.  I have changed my script too so when it comes across a permission denied error, it will start burrowing to the next level, and keep on trying to get directory size until it can go no further, and when I compare total size between my script and treesize, treesize collects much more.

Thanks!

 

by: merowingerPosted on 2008-09-02 at 02:41:17ID: 22365523

marklye,

i think important with this cmdassys.exe is the interactive session!

merowinger

 

by: marklyePosted on 2008-09-02 at 03:06:48ID: 22365666

Hi merowinger

It doesnt seem to run on my W2K3 Server.  And its not in an encrypted directory as per release notes:

-> Windows 2000 (+later) user: Note, that the SYSTEM account
won't know your hash, so if you store the program in an
encrypted directory, the service cannot be started ;)

I have tried creating a scheduled tasks using interactive flag, but it does not allow for System account....

 

by: merowingerPosted on 2008-09-02 at 03:23:50ID: 22365775

marklye,

hmm maybe with wmi it's working...
http://www.microsoft.com/technet/scriptcenter/resources/qanda/nov04/hey1118.mspx

merowinger

 

by: marklyePosted on 2008-09-02 at 03:29:38ID: 22365800

Already seen that article, which admits WMI doesnt work for this purpose:

Unfortunately, this script wont do you any good, not because of any problem with the scripting code or the scripting syntax, but simply because the FileSize property doesnt work. It doesnt matter what folder you connect to and it doesnt matter whether the folder is on the local computer or a remote computer: the FileSize will always come back Null.

And then it suggests file system object...

 

by: merowingerPosted on 2008-09-02 at 03:31:56ID: 22365812

marklye,

ok i understand...atm i see no option :/

merowinger

 

by: grayePosted on 2008-09-02 at 10:19:48ID: 22369373

An application can temporarily disable NTFS permissions by enabling the SeBackupPrivilege privilege.   That's how your backup program is able to read files that it otherwise would not have permissions to do so.  Obviously, you'd need to be in the local Administrators group to enable this privilege

http://msdn.microsoft.com/en-us/library/aa446619.aspx

If you're interested, I've got a VB.Net example on how to set this privilege...

 

by: marklyePosted on 2008-09-02 at 10:30:52ID: 22369485

Hi graye

Ok, this looks very interesting!  A load of questions if you dont mind!

1)If Im reading the example right, would this have to be run on the server that Im trying to interrogate?
2) Would this privilege have to be set on each server it interrogates or only on the server it is being run from?
3) Does this enable these powerful privileges for every user?  Or purely the account running the script?  Or can you set that?
4) Would the flow be a) set privilege b) run script c) remove privilege?

Sorry for all the q's, just trying to get my head round it

Thanks
Mark

 

by: grayePosted on 2008-09-02 at 11:08:41ID: 22369822

1) The privilege is based upon the user account, not the PC.   So, I usually just set it at both the local PC and the remote PC

2) Yes, each server and the "local" PC

3) Whoa...  that's a privilege that you only set via a program (not like an item in SECPOL.MSC)... and you'd only do that temporarily.   So, only user accounts that are in the Administrators group (on both system, if you're doing it my way) are eligible for this elevated privilege.    So, the acount used would typically be in the Domain Admin group.

4) The privilege is not "transferable".... so that means you can not grant that privilege and then use it to launch another application.   So, I rather doubt you'd be able to run a script (as that's another application).   Instead, you'd have to write your own application (perhaps in VB.Net?) to perform the functions that are currently beign performed by the script

 

by: marklyePosted on 2008-09-02 at 11:31:34ID: 22370062

Ok thanks a million for this.  Soudsn great.  I would be really interested if I  could see that VB .NET example I could work from?  Have done quite a bit of VB .NET so happy to write the whole program in this

Thanks again
Mark

 

by: grayePosted on 2008-09-02 at 13:21:06ID: 22371278

Okey dokey... here is the VB.Net example:

Imports System
Imports System.Diagnostics
Imports System.Runtime.InteropServices
 
Class SetPrivileges
 
#Region "API Region"
    <StructLayout(LayoutKind.Sequential, Pack:=4)> _
    Private Structure LUID_AND_ATTRIBUTES
        Dim Luid As Long
        Dim Attributes As Integer
    End Structure
 
    <StructLayout(LayoutKind.Sequential, Pack:=4)> _
    Private Structure TOKEN_PRIVILEGES
        Dim PrivilegeCount As Integer
        Dim Privilege As LUID_AND_ATTRIBUTES
    End Structure
 
    'BOOL OpenProcessToken(
    '  HANDLE ProcessHandle,
    '  DWORD DesiredAccess,
    '  PHANDLE TokenHandle
    ');
    Private Declare Function OpenProcessToken Lib "advapi32.dll" ( _
        ByVal ProcessHandle As IntPtr, _
        ByVal DesiredAccess As Integer, _
        ByRef TokenHandle As IntPtr _
    ) As Boolean
 
    'BOOL LookupPrivilegeValue(
    '  LPCTSTR lpSystemName,
    '  LPCTSTR lpName,
    '  PLUID lpLuid
    ');
    Private Declare Auto Function LookupPrivilegeValue Lib "advapi32.dll" ( _
        ByVal lpSystemName As String, _
        ByVal lpName As String, _
        ByRef lpLuid As Long _
    ) As Boolean
 
    'BOOL AdjustTokenPrivileges(
    '  HANDLE TokenHandle,
    '  BOOL DisableAllPrivileges,
    '  PTOKEN_PRIVILEGES NewState,
    '  DWORD BufferLength,
    '  PTOKEN_PRIVILEGES PreviousState,
    '  PDWORD ReturnLength
    ');
    Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" ( _
        ByVal TokenHandle As IntPtr, _
        ByVal DisableAllPrivileges As Boolean, _
        ByRef NewState As TOKEN_PRIVILEGES, _
        ByVal BufferLength As Integer, _
        ByVal PreviousState As IntPtr, _
        ByRef ReturnLength As Integer _
    ) As Boolean
 
    Const TOKEN_QUERY As Integer = &H8
    Const TOKEN_ADJUST_PRIVILEGES As Integer = &H20
    Const SE_BACKUP_NAME As String = "SeBackupPrivilege"
    Const SE_PRIVILEGE_ENABLED As Integer = &H2
#End Region
 
    Public Function SetPrivileges(ByVal RemotePC As String) As Boolean
        Dim hProc, hToken As IntPtr
        Dim luid_Backup As Long
        Dim len As Integer
        Dim tp As New TOKEN_PRIVILEGES
 
        ' get the current process's token
        hProc = Process.GetCurrentProcess().Handle
        hToken = IntPtr.Zero
        If Not OpenProcessToken(hProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) Then
            Return False
        End If
 
        ' get the LUIDs for the Backup privileges (provided it already exist)
        luid_Backup = 0
        If RemotePC = "" Then
            If Not LookupPrivilegeValue(Nothing, SE_BACKUP_NAME, luid_Backup) Then
                Return False
            End If
        Else
            If Not LookupPrivilegeValue(RemotePC, SE_BACKUP_NAME, luid_Backup) Then
                Return False
            End If
        End If
 
        tp.PrivilegeCount = 1
        tp.Privilege.Luid = luid_Backup
        tp.Privilege.Attributes = SE_PRIVILEGE_ENABLED
 
        ' enable the privileges
        If Not AdjustTokenPrivileges(hToken, False, tp, 0, IntPtr.Zero, len) Then
            Return False
        End If
 
        Return True
    End Function
 
End Class

                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:

Select allOpen in new window

 

by: marklyePosted on 2008-09-03 at 08:33:11ID: 22378363

Thanks very much for this graye

Quick question before I assign you points!  Do the privilege automatically get removed when the process dies?  If it doesnt, would I need to add a identical function to "Public Function SetPrivileges(ByVal RemotePC As String) As Boolean", except change the AdjustTokenPrivileges calling statement to TRUE such as:

Thanks again

        ' enable the privileges
        If Not AdjustTokenPrivileges(hToken, True, tp, 0, IntPtr.Zero, len) Then
            Return False
        End If

                                              
1:
2:
3:
4:

Select allOpen in new window

 

by: grayePosted on 2008-09-03 at 11:05:05ID: 22379969

That's correct... by it's very nature, it's very temporary.   When the process ends, the privilege is no longer present

That's correct, I didn't include a RemovePrivileges function in my example... it would be essentially the same except for the SE_PRIVILEGE_DISABLED = 0 constant.

 

by: marklyePosted on 2008-09-03 at 11:41:16ID: 31492265

Excellent, all really good answers and end solution.  Thanks again

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...