Lock files older than 1 week

We are scanning all bills to our network for easy access. Now I want to secure them, so no one deletes them. It should work like this:

Every day new bills enters our network. The person scanning the bills should be able to move them around, so they get placed in the right folders and should be able to rename the files. They are scanned in PDF. This means that this user should have an "all access" to newly scanned documents.

Every night I want windows to change the security permissions on all files that are more than one week old, so they can't get modified, moved or deleted.

Is that possible? I guess it would take some kind of macro or 3. part software to do it.

All hints or better ideas would be appreciated.

By the way we are using a SBS 2003 with XP workstations.

Have a good weekend

Zoodiaq
ZoodiaqAsked:
Who is Participating?
 
mdiglioCommented:
dim strUserName, strPath2Xcacls, strFolderName, strComputer, Date2Check
dim arrFolderPath, strChangeFileACL, strNewPath

'strUsername can be a user or group e.g. DomainName\username
strUserName = "DomainName\username"

'strPath2Xcacls enter the path to where ever you have the xcacls.vbs file.
strPath2Xcacls = "C:\xcacls.vbs"

'StrFolderName will be the top level folder
strFolderName = "c:\Perms"

'strComputer...the "." represents local machine
strComputer = "."
Date2Check = (Date - 7)

Set wshshell = CreateObject("WScript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'Get all the files starting from top folder ( strFolderName )
Set colSubfolders = objWMIService.ExecQuery _
    ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
        & "Where AssocClass = Win32_Subdirectory " _
            & "ResultRole = PartComponent")

arrFolderPath = Split(strFolderName, "\")
strNewPath = ""
For i = 1 To UBound(arrFolderPath)
    strNewPath = strNewPath & "\\" & arrFolderPath(i)
Next
strPath = strNewPath & "\\"
Date2Check = (Date - 7)
Set colFiles = objWMIService.ExecQuery _
    ("Select * from CIM_DataFile where creationdate < '" & Date2Check & "' and Path = '" & strPath & "'")

For Each objFile In colFiles
    strChangeFileACL = objFile.Name
    'For every file that is older than 7 days change the permissions
    'The ,0 at the end hides the command window
    wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
    'The 6 Second sleep command prevents too many command windows from being open at the same time
    wscript.sleep 6000
Next

For Each objFolder In colSubfolders
    GetSubFolders strFolderName
Next

'!!!! This line is only here for the testing stage. So you know when the script has finished
'!!!! Remove wscript.echo "Done" when you schedule this as a task
wscript.echo "Done"
wscript.quit

Sub GetSubFolders(strFolderName)

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colSubfolders2 = objWMIService.ExecQuery _
        ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
            & "Where AssocClass = Win32_Subdirectory " _
                & "ResultRole = PartComponent")

    For Each objFolder2 In colSubfolders2
        strFolderName = objFolder2.Name
        arrFolderPath = Split(strFolderName, "\")
        strNewPath = ""
        For i = 1 To UBound(arrFolderPath)
            strNewPath = strNewPath & "\\" & arrFolderPath(i)
        Next
        strPath = strNewPath & "\\"
        'Only grab files that are older than 7 days
        Set colFiles = objWMIService.ExecQuery _
            ("Select * from CIM_DataFile where  creationdate < '" & Date2Check & "' and  Path = '" & strPath & "'")

        For Each objFile In colFiles
            strChangeFileACL = objFile.Name
            'For every file that is older than 7 days change the permissions
            'The ,0 at the end hides the command window
            wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
            'The 6 Second sleep command prevents too many command windows from being open at the same time
            wscript.sleep 6000
        Next

        GetSubFolders strFolderName
    Next
end sub

0
 
mdiglioCommented:
How about if you create a new folder with more restrictive permissions
then run a scheduled task to move the files that new folder?

This code will enumerate all files in a given folder then if the created date is more than 7 days old it
will move those to a different

You can copy and paste this into notepad and save it with a .vbs extension
the set a scheduled to run the vbs file nightly

'Begin Copy
Set objFSO = CreateObject("Scripting.FileSystemObject")
'!!!!!Define starting folder
objStartFolder = "C:\BgInfo"
Set objFolder = objFSO.GetFolder(objStartFolder)

'Enumerate Files in that folder
Set colFiles = objFolder.Files
    For Each objFile In colFiles

        strFile = objStartFolder & "\" & objFile.Name
        Set objFile = objFSO.GetFile(strFile)
        'Grab DateCreated attribute. You can also use DateLastModified
        'If the file is a week old then move it

            If objFile.DateCreated < Date - 6 Then
                '!!!!Change the destination part of this...."F:\NewFolder"
                objFSO.MoveFile strFile, "F:\NewFolder"
            End If

      Next
Set objFile = Nothing
Set colFile = Nothing
Set objFSO = Nothing
'End Copy
0
 
mdiglioCommented:
Meant to say Date - 7 here:
If objFile.DateCreated < Date - 6 Then

Test it out on a Test folder first

0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
ZoodiaqAuthor Commented:
It not really good to move the file because then you have to look in more than one folder for the same type of bills. The files has to stay in the folder the user put them in, so it has to be the permissions that are getting changed.
0
 
ZoodiaqAuthor Commented:
Is it possible to change permissions with a .vbs
0
 
mdiglioCommented:
Sure, this can be done using xcacls in place of the move command.
Do you have inheritance set on the .pdf files?
0
 
ZoodiaqAuthor Commented:
Yes I do
0
 
ZoodiaqAuthor Commented:
OK so what the script should do is to look in every subfolder of "x:\test\" and change the security permissions to "read only" for domain\users. Can this be done?
0
 
mdiglioCommented:
Yes that can be done.
Enumerating the subfolders increases the difficulty of it.
I will try to come up with a clean way to do it.
0
 
ZoodiaqAuthor Commented:
thx
0
 
mdiglioCommented:

Download Xcacls.vbs from here:
Extended Change Access Control List Tool (Xcacls)
http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en

Make Note of where you extract the file. You will need to enter that path in your script

How to use Xcacls.vbs to modify NTFS permissions
http://support.microsoft.com/?id=825751

Right now the script is set up to give the group or user you choose Read access.

This script will remove the inheritance flag on the files. It will be the same
as if you unchecked the box yourself and choose to COPY the permissions.

This will do all files under the given path and recusrively go through all its folders.
If there are other files in there besides .pdfs that you do not want to be changed
let me know and I'll modify it.

I placed some notes in the script that you should read

Make sure you do this on test folders first

If you need to look at the script in a better format than notepad try this free program
http://www.crimsoneditor.com/
0
 
ZoodiaqAuthor Commented:
Wow, what a job you did. I will test it as soon as I have access to the server. Btw I can already now tell you now that there are others files beside PDF, that must not be changed. I should have told you before, sorry.
0
 
mdiglioCommented:
To only change .pdfs add these lines around line 40 and 78

If the above script is in notepad you'll see these lines in 2 places around line 78 and 40

wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
'The 6 Second sleep command prevents too many command windows from being open at the same time
wscript.sleep 6000

We need to put this line before the wshShell.run in BOTH Places   ....
If Right(strChangeFileACL, 4) = ".pdf" Then

and we need this line after the wscript.sleep 6000 in BOTH Places     ....
End If


The End result should look like this in those 2 places

If Right(strChangeFileACL, 4) = ".pdf" Then
      wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
      'The 6 Second sleep command prevents too many command windows from being open at the same time
      wscript.sleep 6000
End if
0
 
JackOfPHCommented:
listening
0
 
ZoodiaqAuthor Commented:
Now I tested the script. I started without putting the Pdf lines in just to test it, and it doesn't seem to work. Is there anyway I can go through the script line by line to see where it goes wrong like i do in Word??
0
 
mdiglioCommented:
Did you test it on a folder that you just created or the one that has all the .pdfs already?
I guess my point is to make sure there are files older than 7 days old in the Folder

If you have VB6 we can place this script in there with very few modifications.

Verify that word wrap was turned off when you pasted the code into notepad

Have you downloaded the xcacls.vbs, and then noted the location of that file in the strPath2Xcacls ?
e.g. strPath2Xcacls = "C:\xcacls.vbs"
It sounds like it is a problem with the xcacls part of the script


0
 
mdiglioCommented:
There are 2 places that have the line that begins with:
wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0

place an apostrophe at the beginning of those 2 lines...   '
Then type this line beneath it
msgbox strChangeFileACL

If you have 100s of files that are older than 7 days let me know and I'll change this.
If it works there will be a message box for every file that is older than 7 days

Be sure to undo both changes after the test
0
 
mdiglioCommented:
Do you have spaces in the file names?
0
 
ZoodiaqAuthor Commented:
Currently I am testing it on a testlibrary and yes there are spaces in the filenames. I will go through your suggestions see if that works.
0
 
ZoodiaqAuthor Commented:
By putting in msgbox commands all the way down I found out that the script never get past this line:

For Each objFile In colFiles
0
 
ZoodiaqAuthor Commented:
or at least I'm not getting the msgbox
0
 
mdiglioCommented:
During this testing phase if you only have a few files in the testlibrary folder you can comment out the
wscript.sleep 6000 part or set it lower.

Here is the modification needed to allow for files with spaces in their names:
change the 2 lines around line 40 and line 78 that are like this:

wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
TO
wshshell.run "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E" ,0

Are the folders/files you you are enumerating on the same machine the script is running on?




0
 
mdiglioCommented:
If that doesn't work paste your script into your next post...remove the domain info in strUserName if you want

Another step we can take before posting the entire script is to change those same 2 lines to be like this:

msgbox "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E",0

now you will see a message box that should tell us a lot about what is missing.
You can also write down the output of the message box and put it in you next post.
0
 
ZoodiaqAuthor Commented:
This is the script I'm trying to run. I show MSGBOX 6 put not anything else.



dim strUserName, strPath2Xcacls, strFolderName, strComputer, Date2Check
dim arrFolderPath, strChangeFileACL, strNewPath

'strUsername can be a user or group e.g. DomainName\username
strUserName = "Domain\Users"

'strPath2Xcacls enter the path to where ever you have the xcacls.vbs file.
strPath2Xcacls = "d:\profiler\scripts\xcacls.vbs"

'StrFolderName will be the top level folder
strFolderName = "d:\test2"

'strComputer...the "." represents local machine
strComputer = "."
Date2Check = (Date - 7)

Set wshshell = CreateObject("WScript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'Get all the files starting from top folder ( strFolderName )
Set colSubfolders = objWMIService.ExecQuery _
    ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
        & "Where AssocClass = Win32_Subdirectory " _
            & "ResultRole = PartComponent")

arrFolderPath = Split(strFolderName, "\")
strNewPath = ""
For i = 1 To UBound(arrFolderPath)
    strNewPath = strNewPath & "\\" & arrFolderPath(i)
Next
strPath = strNewPath & "\\"
Date2Check = (Date - 7)
Set colFiles = objWMIService.ExecQuery _
    ("Select * from CIM_DataFile where creationdate < '" & Date2Check & "' and Path = '" & strPath & "'")
msgbox "6"

For Each objFile In colFiles
    strChangeFileACL = objFile.Name
    'For every file that is older than 7 days change the permissions
    'The ,0 at the end hides the command window
    msgbox "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E",0

    'wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0

    'The 6 Second sleep command prevents too many command windows from being open at the same time
    wscript.sleep 1000
Next

For Each objFolder In colSubfolders
    GetSubFolders strFolderName
Next

'!!!! This line is only here for the testing stage. So you know when the script has finished
'!!!! Remove wscript.echo "Done" when you schedule this as a task
wscript.echo "Done"
wscript.quit

Sub GetSubFolders(strFolderName)

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colSubfolders2 = objWMIService.ExecQuery _
        ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
            & "Where AssocClass = Win32_Subdirectory " _
                & "ResultRole = PartComponent")

    For Each objFolder2 In colSubfolders2
        strFolderName = objFolder2.Name
        arrFolderPath = Split(strFolderName, "\")
        strNewPath = ""
        For i = 1 To UBound(arrFolderPath)
            strNewPath = strNewPath & "\\" & arrFolderPath(i)
        Next
        strPath = strNewPath & "\\"
        'Only grab files that are older than 7 days
        Set colFiles = objWMIService.ExecQuery _
            ("Select * from CIM_DataFile where  creationdate < '" & Date2Check & "' and  Path = '" & strPath & "'")

        For Each objFile In colFiles
            strChangeFileACL = objFile.Name
            'For every file that is older than 7 days change the permissions
            'The ,0 at the end hides the command window
            msgbox "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E",0

            'wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
            'The 6 Second sleep command prevents too many command windows from being open at the same time
            wscript.sleep 1000
        Next

        GetSubFolders strFolderName
    Next
end sub
0
 
mdiglioCommented:
I copied and pasted your code and it is working for me on an XP machine and a 2003 server. I do not have SBS 2003

Things to check:
1) If d:\test2 is a new folder then there won't be any files with a creation date older than 7 days

2) change the Date2Check from (date - 7 ) TO (Date + 7)

   
0
 
ZoodiaqAuthor Commented:
Ups... I didn't check creation date I checked modify date.....Thats must be the problem. I will try again.
0
 
ZoodiaqAuthor Commented:
I did it, its working. Perfect. Thanks
0
 
ZoodiaqAuthor Commented:
Wish I could give you 1000 points :-)
0
 
mdiglioCommented:
Cool...I'm glad you got it working!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.