
Scripting security question....

Hi all,
      I have a question about how to script something that I cannot figure out. I am trying to add "list only" groups in a domain. It is NOT AD yet (this is preparation for the AD migration). Anyway, the code is listed below, and the only thing I could think of was cacls or xcacls, but neither gives me a "list only" switch or option.
Thanks in advance....

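' Flags combined into the groupType attribute when the groups are created.
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Const ADS_PROPERTY_APPEND = 3
Const INPUT_FILE_NAME = "corcl2-b dept shares.txt"
Const FOR_READING = 1

'Variable Declarations
Dim objOU, sHomePath
Dim sGlobalGroup, objGroup1
Dim sModifyGroup, sReadGroup, sListGroup
Dim objGroup2, objGroup3, objGroup4
Dim groupout, objAddGroup
Dim aShareList
' Values written by one Sub and read by another have to be declared at
' script level. Without Option Explicit, a name that is first assigned
' inside a Sub is local to that Sub and reads as Empty everywhere else.
Dim sHomeDrive, sHomeFolder, easyPath, sGroupName
Dim oFSO, oFile, Folders, aFolders, Folder
Dim WshShell, reUnsafe

sHomePath = "\\cor089F32\"

' PermFolder uses WshShell; nothing in the script created it.
Set WshShell = CreateObject("WScript.Shell")

' Each input line ends up inside a UNC path, a share name, a directory
' object name and a command line. Entries containing characters that are
' illegal in a folder name, or that a command line treats specially, are
' skipped instead of being passed along.
Set reUnsafe = New RegExp
reUnsafe.Pattern = "[\\/:*?""<>|&^%]"

'==========================================================================
'Main Body
Set objOU = GetObject("LDAP://COR089xc03/OU=COR089Groups,OU=COR089,OU=COR,OU=COR,DC=us,DC=parker,DC=dev")

'Create an object for the file
Set oFSO = CreateObject("Scripting.FileSystemObject")
'Open the file
Set oFile = oFSO.OpenTextFile(INPUT_FILE_NAME, FOR_READING)

'Read the whole file into Folders; ReadAll raises an error on an empty file
If oFile.AtEndOfStream Then
   Folders = ""
Else
   Folders = oFile.ReadAll
End If
'Close the file
oFile.Close
'Create an array with one folder name per line
aFolders = Split(Folders, VbCrLf)

'Process each folder name in turn
For Each Folder In aFolders

   Folder = Trim(Folder)

   If Len(Folder) = 0 Then
      ' Blank line (a trailing line break produces one): nothing to do.
   ElseIf reUnsafe.Test(Folder) Then
      WScript.Echo "Skipping entry with unsupported characters: " & Folder
   Else
      ' NOTE(review): sGroupName is read by DLEnumGroups but was never
      ' assigned in the posted script, so every group got the same name.
      ' The folder name is used here as the likely intent - confirm.
      sGroupName = Folder

      Call ShareFolder
      Call DLEnumGroups
      Call CreateFolder
      Call ShareFolder
      Call PermFolder
   End If

Next

Wscript.Quit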

'==========================================================================
'Subroutines
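Sub ShareFolder
      ' Chooses the administrative share (sHomeDrive) and the department
      ' folder (sHomeFolder) from the first letter of the current Folder.
      '
      ' NOTE(review): a second Sub named ShareFolder (the WMI share step) is
      ' defined later in the same script. One name can refer to only one
      ' procedure, so at most one of the two bodies can run under it; this
      ' one needs its own name, with the first call in the main loop
      ' updated to match.
      '
      ' sHomeDrive and sHomeFolder must be declared at script level for the
      ' other Subs to see the result.
      Dim sLower, sLetter

      ' Clear the previous folder's answer so that a name matching no range
      ' cannot silently reuse it.
      sHomeDrive = ""
      sHomeFolder = ""

      sLower = LCase(Folder)
      ' InStr reports a match for an empty search string, so an empty name
      ' would otherwise be filed under Dept-2.
      If Len(sLower) = 0 Then Exit Sub
      sLetter = Left(sLower, 1)

      ' The original used names such as 1Folder and Dept-2 as variables;
      ' neither is a valid identifier, so the letter ranges are written
      ' inline here.
      If InStr("abc", sLetter) > 0 Then
            sHomeDrive = "k$"
            sHomeFolder = "Dept-2"
      ElseIf InStr("def", sLetter) > 0 Then
            sHomeDrive = "l$"
            sHomeFolder = "Dept-3"
      ElseIf InStr("ghi", sLetter) > 0 Then
            sHomeDrive = "l$"
            sHomeFolder = "Dept-4"
      ElseIf InStr("jklmnop", sLetter) > 0 Then
            sHomeDrive = "m$"
            sHomeFolder = "Dept-5"
      ElseIf InStr("qrstuvwxyz", sLetter) > 0 Then
            sHomeDrive = "m$"
            sHomeFolder = "Dept-6"
      End If
End Sub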

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sub DLEnumGroups
      ' Creates three security-enabled local groups under objOU for the
      ' current share: one each for modify, read and list access. The names
      ' are "COR089DL" + sGroupName + a one-letter suffix (M, R, L).
      '
      ' sGroupName has to be assigned by the caller before this runs; the
      ' Sub itself never sets it.
      ' NOTE(review): sGroupName is concatenated straight into the "cn="
      ' value, so characters that are special in a distinguished name
      ' (comma, plus, equals and similar) should be rejected upstream.
      Dim lGroupType
      lGroupType = ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED

      sModifyGroup = "COR089DL" & sGroupName & "M"
      sReadGroup = "COR089DL" & sGroupName & "R"
      sListGroup = "COR089DL" & sGroupName & "L"

      ' Modify group
      Set objGroup2 = objOU.Create("Group", "cn=" & sModifyGroup)
      With objGroup2
            .Put "sAMAccountName", sModifyGroup
            .Put "groupType", lGroupType
            .Put "description", "Modify access to " & sGroupName
            .SetInfo
      End With

      ' Read group
      Set objGroup3 = objOU.Create("Group", "cn=" & sReadGroup)
      With objGroup3
            .Put "sAMAccountName", sReadGroup
            .Put "groupType", lGroupType
            .Put "description", "Read access to " & sGroupName
            .SetInfo
      End With

      ' List group
      Set objGroup4 = objOU.Create("Group", "cn=" & sListGroup)
      With objGroup4
            .Put "sAMAccountName", sListGroup
            .Put "groupType", lGroupType
            .Put "description", "List access to " & sGroupName
            .SetInfo
      End With
End Sub
' sort the UserID for home drive creation location.

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''            
            
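Sub CreateFolder
      ' Creates the folder for the current input line beneath the chosen
      ' administrative share and department folder, and records its UNC
      ' path in easyPath.
      '
      ' easyPath, sHomeDrive and sHomeFolder must be declared at script
      ' level; a name first assigned inside a Sub is otherwise local to it.
      Dim sTarget

      ' With no drive or department selected the path would point at the
      ' server root rather than a department folder.
      If Len(sHomeDrive) = 0 Or Len(sHomeFolder) = 0 Then
            WScript.Echo "No drive/department selected for " & Folder & "; folder not created"
            Exit Sub
      End If

      sTarget = sHomePath & sHomeDrive & "\" & sHomeFolder & "\" & Folder

      ' CreateFolder raises an error when the folder already exists, which
      ' would stop a rerun of the script at the first existing entry.
      If Not oFSO.FolderExists(sTarget) Then
            oFSO.CreateFolder sTarget
      End If

      ' Plain assignment: Set is for object references only and fails with
      ' "Object required" when the right-hand side is a string.
      easyPath = sTarget
End Sub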

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''                  
                  
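Sub ShareFolder
      ' Publishes the current folder as a network share on cor089f32
      ' through the WMI Win32_Share class. The share name is the folder name.
      '
      ' sHomeDrive and sHomeFolder must be declared at script level and set
      ' before this runs.
      Const SHARE_TYPE_DISK = 0     ' Win32_Share type code for a disk share
      Dim sLocalPath, objWMIService, objNewShare, errReturn

      ' Nothing to share until a drive and department have been selected.
      If Len(sHomeDrive) = 0 Or Len(sHomeFolder) = 0 Then Exit Sub

      WScript.Sleep 1000

      ' Win32_Share.Create takes a path that is local to the server hosting
      ' the share. The original built this path (using sUserID, which is
      ' never assigned) and then passed the UNC form held in easyPath
      ' instead. NOTE(review): Folder is used as the last path component to
      ' match CreateFolder - confirm.
      sLocalPath = Left(sHomeDrive, 1) & ":\" & sHomeFolder & "\" & Folder

      ' The original moniker string was missing its closing parenthesis.
      Set objWMIService = GetObject("winmgmts:" _
      & "{impersonationLevel=impersonate}!\\cor089f32\root\cimv2")

      Set objNewShare = objWMIService.Get("Win32_Share")

      ' No access descriptor is passed, so the share gets the server's
      ' default share permissions; the NTFS permissions on the folder are
      ' what actually restrict access and should be set deliberately.
      errReturn = objNewShare.Create(sLocalPath, Folder, SHARE_TYPE_DISK, , "")

      ' Zero means the share was created; anything else was previously
      ' ignored, leaving a missing share unnoticed.
      If errReturn <> 0 Then
            WScript.Echo "Win32_Share.Create returned " & errReturn & " for " & Folder
      End If

End Sub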

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

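Sub PermFolder
      ' Grants the read group read access on the folder for the current
      ' input line by running xcacls and waiting for it to finish.
      '
      ' The original built the command in a variable named xcacls, sent the
      ' never-assigned variable cacls to a cmd window with SendKeys, and
      ' used WshShell without creating it. SendKeys types into whichever
      ' window has focus, so the command could land in another application;
      ' running the program directly avoids that and yields an exit code.
      '
      ' NOTE(review): the original used sUserID, which is never assigned,
      ' for both the path and the grantee. Folder (as in CreateFolder) and
      ' sReadGroup are used here as the likely intent - confirm. The modify
      ' and list groups are not granted anything by this Sub.
      Dim oShell, sTarget, sCommand, nExit

      If Len(sHomeDrive) = 0 Or Len(sHomeFolder) = 0 Or Len(sReadGroup) = 0 Then
            WScript.Echo "Missing drive, department or group for " & Folder & "; permissions not set"
            Exit Sub
      End If

      ' A double quote would end a quoted argument early, and Run expands
      ' %NAME% environment references, so neither may appear in the values
      ' placed on the command line.
      If InStr(Folder & sReadGroup, """") > 0 Or InStr(Folder & sReadGroup, "%") > 0 Then
            WScript.Echo "Unsupported character in folder or group name: " & Folder
            Exit Sub
      End If

      sTarget = sHomePath & sHomeDrive & "\" & sHomeFolder & "\" & Folder

      ' /E edits the existing ACL instead of replacing it; /G grants.
      ' Path and grantee are quoted so that names with spaces stay intact.
      sCommand = "xcacls """ & sTarget & """ /E /G """ & sReadGroup & """:R"

      Set oShell = CreateObject("WScript.Shell")
      ' Window style 0 hides the window; True waits and returns the exit code.
      nExit = oShell.Run(sCommand, 0, True)
      If nExit <> 0 Then
            WScript.Echo "xcacls exited with code " & nExit & " for " & sTarget
      End If
End Sub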
mikeeubank
Rich RumbleSecurity SamuraiCommented:
FYI, the tilde " ~ " is a shortcut in SendKeys for the "Enter" key.
 WshShell.sendkeys "exit~"
should have the same effect.
You sure do have a lot of AD calls if you're not using AD yet... LDAP://COR089xc03/OU=COR089Groups,OU=COR089,OU=COR,OU=COR,DC=us,DC=parker,DC=dev

I can follow the script to a point, but what is the ultimate goal? I can't ascertain it currently.
Do you want to list only the current file/folder permissions for their home directories/paths?

This script requires perl to be installed but does a great job
http://support.microsoft.com/?kbid=320050
-rich