We help IT Professionals succeed at work.

Set Folder Permissions using Script (VBScript, WSH,etc)

wilkersons
wilkersons asked
on
Medium Priority
119,288 Views
Last Modified: 2013-12-04
Hi all,
I need to create a script, which can create folders and set these folders permissions to the appropriate users either read/write/etc. I used vbscript for creating the folders, but the folders created inherit the permissions of the parent directory and i want to change them.
Any help would be greatly appreciated
Sunil
Comment
Watch Question

CERTIFIED EXPERT

Commented:
Don't know how to do it in VB, but use cacls (standard install), xcacls (Resource Kit) or supercacls (http://www.trustedsystems.com/scacls.htm) to manipulate the permissions from a batch command. You can call the batch from VB quite easily. If you replace the ACL on the root it will override the inherited permissions from the parent.

Commented:
This can be done via Windows Management Instrumentation (WMI)...  There is an example script at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/setsecuritydescriptor_method_in_class_win32_logicalfilesecuritysetting.asp

However, I'd tend to agree with kz20fl...  The command-line utilities are well suited for a "casual" script

Author

Commented:
Hi..I was able to manipulate the folder permissions using cacls & xcacls, but i am not able to call the batch file from vb. I have just started using these scripts, and trying to learn, so please do bear with me for some dumb questions.

On the other hand I was reseaching for more information on setting folder permissions and found an article from http://support.microsoft.com/default.aspx?scid=kb;en-us;266461 I tired using it, but before i could start using it, i need to register ADsSecurity.dll. I keep getting the error "LoadLibrary("ADsSecurity.dll") failed: The specified module could not be found". I am on a windows xp m/c,with windows 2000 network. I do not have the Resource Kit installed. Where can I download it?

Thanks for your help in advance

Sunil

Commented:
Stop!

There are a lot of problems with using the ADsSecurity.dll on the NTFS file system... (it was designed for setting permissions on Active Directory objects).  It does not correctly set the order of the Access Control Entries and does not support directory inheritance.  Yes, these issues can be overcome with additional code... but it's probably not worth it in your case (a script file)

When it comes to working with setting NTFS access permission, there are 4 generally acceptable methods to use... Use Windows Management Instrumentation (WMI), Use the ADsSecurity.dll from the ASDI SDK, use the low-level APIs, or use the high-level APIs.

Each techinque has it's strengths and weakness... WMI is clumbsy, somewhat bloated, and slow; ADsSecurity doesn't order the ACEs correctly and is slow; the low-level API are fast but tedious and have the same ordering problem.  That leaves the high-level APIs as the choice that most programmer's use (although it's weakness, is that it only works with Win2k and above).

This DLL file is part of the Active Directory Software Development Kit (SDK)... so if *really* want to get it, it's at <hey, I can't find it>

This is how to remedy the inheritance issue http://support.microsoft.com/default.aspx?scid=kb;en-us;266461
This is how to remedy the order issue http://support.microsoft.com/default.aspx?scid=kb;en-us;269159

Author

Commented:
Hi graye, Thank you very much for your quick response. That helps a lot. I do not necessarily have to use ADSI SDK. I am exactly creating a user interface, where you can enter a username and click a button, it should create a user in the Active directory,create a folder giving the new user full permissions to the new folder created. I was able to create a user and create a new folder using vbscript. And now with 'kz20fl' suggestion, i could assign the necessary folder permissions, using xcacls. But i am having difficulty in calling this batch script into the vbscript.

call perms("cmd.exe",1, True)

Please correct me if i am wrong with the syntax i used in calling the batch script "perms.bat"

The ADSI25 link does not have ADSI SDK for windows xp.

Author

Commented:
I am sorry..I was wrong about the ADSI25 link.
Commented:
<rant>
The fact that the ADSI SDK is found on the WinNT section, is a clue as to when it was created and what platforms it is supported on.  I tend to get on Microsoft's case when they publish code examples that either don't work, or especially in this case... are dangerous when used in a different OS.  Shame on you Microsoft!
</rant>

...and now to answer your questions :)

The easiest way to launch a command-line application inside a VBScript is something like this:

Set wsh = CreateObject("WScript.Shell")
wsh.run "xcalcls /a /b /c whatever",  7, false

      The "7" means launch a command window minimized, but do not transfer "focus" to the new window
      The "false" means don't wait until the command exits... just continue on (which is probably what you want?).

BTW:  Another alternative that you might wanna consider is the freely available ActiveX DLL from these guys http://setacl.sourceforge.net

... thanks for letting me vent! :)

Author

Commented:
Hi graye, It works great. I suppose we can use all the DOS commands in the WScript shell.
Thank you. All your input has helped me grow a lot wiser on scripting.

Commented:
Just for clarification...

Net.exe is not a built-in command (like CD or DIR)... it is a normal 32bit executable program that just so happens to be a console application instead of a windows application.

The wsh.Shell() function is the "heavy-weight" function... it brings in the user's environment (like the PATH variable and the concept of the Current Directory).  It also allows you to open a document via it's file extentions... for example, wsh.shell("Document1.doc") would launch Microsoft Word.  It is well suited for launching other 32-bit windows-style applications.

The wsh.Run() function is the "light weight" version... it does not support the the users environment nor the "document invocation" tricks.  However, it does allow you a finer-grained control over the process (which includes the redirection of the "standard out", which is what you wanted).  It is well suited for launching other 32-bit console-style applications.

Author

Commented:
Hi graye.Thank you. wsh.Run() suits my needs perfectly. But i am having problems when i supply the username using a variable. No errors, but doesn't change the permissions. When i use absolute value, instead of variable, it works.

contractor="Template"
path="c:\Test\"

Set wsh = CreateObject("WScript.Shell")
wsh.run "xcacls /t /g Domain\"&contractor&":f /y",7,True

Any suggestions/ideas where i am doing wrong.

Commented:
That looks good to me.... perhaps only the presence of spaces before and after the & symbol ?  (just a guess)

wsh.run "xcacls /t /g Domain\" & cotractor & ":f /y",7,True
                                           ^^^          ^^^

If that doesn't work, then store the command line in a string varible first

comand_string = "xcacls /t /g Domain\" & cotractor & ":f /y"
wsh.run command_string, 7, True

Author

Commented:
Finally it works now. And now i am doing some validation checks.
In the same script i create a user in the active directory services, create a folder and then assign the new user to the new folder.  I inserted a do..while loop for 1000, just to wait untill the user and the folder are created, before the permissions can apply. It did work, but i wonder if that is a good practice.
Better sleep! ;)

WScript.Sleep 1000

Commented:
Hello All,

              I want to write a vb script for checking write permission on whole C-drive and also want to log the path where write permission is there to a text file..


              Hope anyone can help me with script. As I am new to it.

Hoping for best .....

Regards,
Pralay Desai

Commented:
pralay, you're suppose to create a new question, rather than ask your question as a "add on" to some other existing question.

But, that said...

Tell us what you're trying to do...  what do you mean by "check write permission"?   Are you saying that you want to look at the entire C drive and find those files where a specific user has write permission?   Or are you saying that you want to record all of the permissions in a text file?

Commented:
Hello Graye,

                  I created new question as I realised it. You can find it under security section and with subject "check write permission on c: drive on win xp".

Hoping for your answer as its bit urgently required.

Regards,
Pralay Desai
I am desperate for an answer:

I posted my question here....

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21484539.html

 Question Title: Create NEW Folder from Script
asked by tqtclipper on 07/08/2005 12:09PM ADT  
This question is worth  250 Points  
 


I have some folders on a server (2003) with XP client. I need to create 2000 folders with "last name, first name and employee number (unique)" as the file name. Is there anyway to write a script to create the folders?

Any advice on this is greatly appreciated.

Thanks
TCLIP