We help IT Professionals succeed at work.

Set Folder Permissions using Script (VBScript, WSH,etc)

wilkersons asked
Last Modified: 2013-12-04
Hi all,
I need to create a script, which can create folders and set these folders permissions to the appropriate users either read/write/etc. I used vbscript for creating the folders, but the folders created inherit the permissions of the parent directory and i want to change them.
Any help would be greatly appreciated
Watch Question

James RankinMedia Hound

Don't know how to do it in VB, but use cacls (standard install), xcacls (Resource Kit) or supercacls (http://www.trustedsystems.com/scacls.htm) to manipulate the permissions from a batch command. You can call the batch from VB quite easily. If you replace the ACL on the root it will override the inherited permissions from the parent.

This can be done via Windows Management Instrumentation (WMI)...  There is an example script at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/setsecuritydescriptor_method_in_class_win32_logicalfilesecuritysetting.asp

However, I'd tend to agree with kz20fl...  The command-line utilities are well suited for a "casual" script


Hi..I was able to manipulate the folder permissions using cacls & xcacls, but i am not able to call the batch file from vb. I have just started using these scripts, and trying to learn, so please do bear with me for some dumb questions.

On the other hand I was reseaching for more information on setting folder permissions and found an article from http://support.microsoft.com/default.aspx?scid=kb;en-us;266461 I tired using it, but before i could start using it, i need to register ADsSecurity.dll. I keep getting the error "LoadLibrary("ADsSecurity.dll") failed: The specified module could not be found". I am on a windows xp m/c,with windows 2000 network. I do not have the Resource Kit installed. Where can I download it?

Thanks for your help in advance



There are a lot of problems with using the ADsSecurity.dll on the NTFS file system... (it was designed for setting permissions on Active Directory objects).  It does not correctly set the order of the Access Control Entries and does not support directory inheritance.  Yes, these issues can be overcome with additional code... but it's probably not worth it in your case (a script file)

When it comes to working with setting NTFS access permission, there are 4 generally acceptable methods to use... Use Windows Management Instrumentation (WMI), Use the ADsSecurity.dll from the ASDI SDK, use the low-level APIs, or use the high-level APIs.

Each techinque has it's strengths and weakness... WMI is clumbsy, somewhat bloated, and slow; ADsSecurity doesn't order the ACEs correctly and is slow; the low-level API are fast but tedious and have the same ordering problem.  That leaves the high-level APIs as the choice that most programmer's use (although it's weakness, is that it only works with Win2k and above).

This DLL file is part of the Active Directory Software Development Kit (SDK)... so if *really* want to get it, it's at <hey, I can't find it>

This is how to remedy the inheritance issue http://support.microsoft.com/default.aspx?scid=kb;en-us;266461
This is how to remedy the order issue http://support.microsoft.com/default.aspx?scid=kb;en-us;269159

Found it!  http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp


Hi graye, Thank you very much for your quick response. That helps a lot. I do not necessarily have to use ADSI SDK. I am exactly creating a user interface, where you can enter a username and click a button, it should create a user in the Active directory,create a folder giving the new user full permissions to the new folder created. I was able to create a user and create a new folder using vbscript. And now with 'kz20fl' suggestion, i could assign the necessary folder permissions, using xcacls. But i am having difficulty in calling this batch script into the vbscript.

call perms("cmd.exe",1, True)

Please correct me if i am wrong with the syntax i used in calling the batch script "perms.bat"

The ADSI25 link does not have ADSI SDK for windows xp.


I am sorry..I was wrong about the ADSI25 link.
This one is on us!
(Get your first solution completely free - no credit card required)


Hi graye, It works great. I suppose we can use all the DOS commands in the WScript shell.
Thank you. All your input has helped me grow a lot wiser on scripting.

Just for clarification...

Net.exe is not a built-in command (like CD or DIR)... it is a normal 32bit executable program that just so happens to be a console application instead of a windows application.

The wsh.Shell() function is the "heavy-weight" function... it brings in the user's environment (like the PATH variable and the concept of the Current Directory).  It also allows you to open a document via it's file extentions... for example, wsh.shell("Document1.doc") would launch Microsoft Word.  It is well suited for launching other 32-bit windows-style applications.

The wsh.Run() function is the "light weight" version... it does not support the the users environment nor the "document invocation" tricks.  However, it does allow you a finer-grained control over the process (which includes the redirection of the "standard out", which is what you wanted).  It is well suited for launching other 32-bit console-style applications.


Hi graye.Thank you. wsh.Run() suits my needs perfectly. But i am having problems when i supply the username using a variable. No errors, but doesn't change the permissions. When i use absolute value, instead of variable, it works.


Set wsh = CreateObject("WScript.Shell")
wsh.run "xcacls /t /g Domain\"&contractor&":f /y",7,True

Any suggestions/ideas where i am doing wrong.

That looks good to me.... perhaps only the presence of spaces before and after the & symbol ?  (just a guess)

wsh.run "xcacls /t /g Domain\" & cotractor & ":f /y",7,True
                                           ^^^          ^^^

If that doesn't work, then store the command line in a string varible first

comand_string = "xcacls /t /g Domain\" & cotractor & ":f /y"
wsh.run command_string, 7, True


Finally it works now. And now i am doing some validation checks.
In the same script i create a user in the active directory services, create a folder and then assign the new user to the new folder.  I inserted a do..while loop for 1000, just to wait untill the user and the folder are created, before the permissions can apply. It did work, but i wonder if that is a good practice.
Better sleep! ;)

WScript.Sleep 1000

Hello All,

              I want to write a vb script for checking write permission on whole C-drive and also want to log the path where write permission is there to a text file..

              Hope anyone can help me with script. As I am new to it.

Hoping for best .....

Pralay Desai

pralay, you're suppose to create a new question, rather than ask your question as a "add on" to some other existing question.

But, that said...

Tell us what you're trying to do...  what do you mean by "check write permission"?   Are you saying that you want to look at the entire C drive and find those files where a specific user has write permission?   Or are you saying that you want to record all of the permissions in a text file?

Hello Graye,

                  I created new question as I realised it. You can find it under security section and with subject "check write permission on c: drive on win xp".

Hoping for your answer as its bit urgently required.

Pralay Desai
I am desperate for an answer:

I posted my question here....


 Question Title: Create NEW Folder from Script
asked by tqtclipper on 07/08/2005 12:09PM ADT  
This question is worth  250 Points  

I have some folders on a server (2003) with XP client. I need to create 2000 folders with "last name, first name and employee number (unique)" as the file name. Is there anyway to write a script to create the folders?

Any advice on this is greatly appreciated.


Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.