Link to home
Start Free TrialLog in
Avatar of wilkersons
wilkersons

asked on

Set Folder Permissions using Script (VBScript, WSH,etc)

Hi all,
I need to create a script, which can create folders and set these folders permissions to the appropriate users either read/write/etc. I used vbscript for creating the folders, but the folders created inherit the permissions of the parent directory and i want to change them.
Any help would be greatly appreciated
Sunil
Avatar of James Rankin
James Rankin
Flag of United Kingdom of Great Britain and Northern Ireland image

Don't know how to do it in VB, but use cacls (standard install), xcacls (Resource Kit) or supercacls (http://www.trustedsystems.com/scacls.htm) to manipulate the permissions from a batch command. You can call the batch from VB quite easily. If you replace the ACL on the root it will override the inherited permissions from the parent.
This can be done via Windows Management Instrumentation (WMI)...  There is an example script at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/setsecuritydescriptor_method_in_class_win32_logicalfilesecuritysetting.asp

However, I'd tend to agree with kz20fl...  The command-line utilities are well suited for a "casual" script
Avatar of wilkersons
wilkersons

ASKER

Hi..I was able to manipulate the folder permissions using cacls & xcacls, but i am not able to call the batch file from vb. I have just started using these scripts, and trying to learn, so please do bear with me for some dumb questions.

On the other hand I was reseaching for more information on setting folder permissions and found an article from http://support.microsoft.com/default.aspx?scid=kb;en-us;266461 I tired using it, but before i could start using it, i need to register ADsSecurity.dll. I keep getting the error "LoadLibrary("ADsSecurity.dll") failed: The specified module could not be found". I am on a windows xp m/c,with windows 2000 network. I do not have the Resource Kit installed. Where can I download it?

Thanks for your help in advance

Sunil
Stop!

There are a lot of problems with using the ADsSecurity.dll on the NTFS file system... (it was designed for setting permissions on Active Directory objects).  It does not correctly set the order of the Access Control Entries and does not support directory inheritance.  Yes, these issues can be overcome with additional code... but it's probably not worth it in your case (a script file)

When it comes to working with setting NTFS access permission, there are 4 generally acceptable methods to use... Use Windows Management Instrumentation (WMI), Use the ADsSecurity.dll from the ASDI SDK, use the low-level APIs, or use the high-level APIs.

Each techinque has it's strengths and weakness... WMI is clumbsy, somewhat bloated, and slow; ADsSecurity doesn't order the ACEs correctly and is slow; the low-level API are fast but tedious and have the same ordering problem.  That leaves the high-level APIs as the choice that most programmer's use (although it's weakness, is that it only works with Win2k and above).

This DLL file is part of the Active Directory Software Development Kit (SDK)... so if *really* want to get it, it's at <hey, I can't find it>

This is how to remedy the inheritance issue http://support.microsoft.com/default.aspx?scid=kb;en-us;266461
This is how to remedy the order issue http://support.microsoft.com/default.aspx?scid=kb;en-us;269159
Hi graye, Thank you very much for your quick response. That helps a lot. I do not necessarily have to use ADSI SDK. I am exactly creating a user interface, where you can enter a username and click a button, it should create a user in the Active directory,create a folder giving the new user full permissions to the new folder created. I was able to create a user and create a new folder using vbscript. And now with 'kz20fl' suggestion, i could assign the necessary folder permissions, using xcacls. But i am having difficulty in calling this batch script into the vbscript.

call perms("cmd.exe",1, True)

Please correct me if i am wrong with the syntax i used in calling the batch script "perms.bat"

The ADSI25 link does not have ADSI SDK for windows xp.
I am sorry..I was wrong about the ADSI25 link.
ASKER CERTIFIED SOLUTION
Avatar of graye
graye
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi graye, It works great. I suppose we can use all the DOS commands in the WScript shell.
Thank you. All your input has helped me grow a lot wiser on scripting.
Just for clarification...

Net.exe is not a built-in command (like CD or DIR)... it is a normal 32bit executable program that just so happens to be a console application instead of a windows application.

The wsh.Shell() function is the "heavy-weight" function... it brings in the user's environment (like the PATH variable and the concept of the Current Directory).  It also allows you to open a document via it's file extentions... for example, wsh.shell("Document1.doc") would launch Microsoft Word.  It is well suited for launching other 32-bit windows-style applications.

The wsh.Run() function is the "light weight" version... it does not support the the users environment nor the "document invocation" tricks.  However, it does allow you a finer-grained control over the process (which includes the redirection of the "standard out", which is what you wanted).  It is well suited for launching other 32-bit console-style applications.
Hi graye.Thank you. wsh.Run() suits my needs perfectly. But i am having problems when i supply the username using a variable. No errors, but doesn't change the permissions. When i use absolute value, instead of variable, it works.

contractor="Template"
path="c:\Test\"

Set wsh = CreateObject("WScript.Shell")
wsh.run "xcacls /t /g Domain\"&contractor&":f /y",7,True

Any suggestions/ideas where i am doing wrong.
That looks good to me.... perhaps only the presence of spaces before and after the & symbol ?  (just a guess)

wsh.run "xcacls /t /g Domain\" & cotractor & ":f /y",7,True
                                           ^^^          ^^^

If that doesn't work, then store the command line in a string varible first

comand_string = "xcacls /t /g Domain\" & cotractor & ":f /y"
wsh.run command_string, 7, True

Finally it works now. And now i am doing some validation checks.
In the same script i create a user in the active directory services, create a folder and then assign the new user to the new folder.  I inserted a do..while loop for 1000, just to wait untill the user and the folder are created, before the permissions can apply. It did work, but i wonder if that is a good practice.
Better sleep! ;)

WScript.Sleep 1000
Hello All,

              I want to write a vb script for checking write permission on whole C-drive and also want to log the path where write permission is there to a text file..


              Hope anyone can help me with script. As I am new to it.

Hoping for best .....

Regards,
Pralay Desai
pralay, you're suppose to create a new question, rather than ask your question as a "add on" to some other existing question.

But, that said...

Tell us what you're trying to do...  what do you mean by "check write permission"?   Are you saying that you want to look at the entire C drive and find those files where a specific user has write permission?   Or are you saying that you want to record all of the permissions in a text file?
Hello Graye,

                  I created new question as I realised it. You can find it under security section and with subject "check write permission on c: drive on win xp".

Hoping for your answer as its bit urgently required.

Regards,
Pralay Desai
I am desperate for an answer:

I posted my question here....

https://www.experts-exchange.com/questions/21484539/Create-NEW-Folder-from-Script.html

 Question Title: Create NEW Folder from Script
asked by tqtclipper on 07/08/2005 12:09PM ADT  
This question is worth  250 Points  
 


I have some folders on a server (2003) with XP client. I need to create 2000 folders with "last name, first name and employee number (unique)" as the file name. Is there anyway to write a script to create the folders?

Any advice on this is greatly appreciated.

Thanks
TCLIP