Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Lock files older than 1 week

Posted on 2006-05-12
29
Medium Priority
?
232 Views
Last Modified: 2013-12-04
We are scanning all bills to our network for easy access. Now I want to secure them, so no one deletes them. It should work like this:

Every day new bills enters our network. The person scanning the bills should be able to move them around, so they get placed in the right folders and should be able to rename the files. They are scanned in PDF. This means that this user should have an "all access" to newly scanned documents.

Every night I want windows to change the security permissions on all files that are more than one week old, so they can't get modified, moved or deleted.

Is that possible? I guess it would take some kind of macro or 3. part software to do it.

All hints or better ideas would be appreciated.

By the way we are using a SBS 2003 with XP workstations.

Have a good weekend

Zoodiaq
0
Comment
Question by:Zoodiaq
  • 14
  • 14
29 Comments
 
LVL 16

Expert Comment

by:mdiglio
ID: 16670032
How about if you create a new folder with more restrictive permissions
then run a scheduled task to move the files that new folder?

This code will enumerate all files in a given folder then if the created date is more than 7 days old it
will move those to a different

You can copy and paste this into notepad and save it with a .vbs extension
the set a scheduled to run the vbs file nightly

'Begin Copy
Set objFSO = CreateObject("Scripting.FileSystemObject")
'!!!!!Define starting folder
objStartFolder = "C:\BgInfo"
Set objFolder = objFSO.GetFolder(objStartFolder)

'Enumerate Files in that folder
Set colFiles = objFolder.Files
    For Each objFile In colFiles

        strFile = objStartFolder & "\" & objFile.Name
        Set objFile = objFSO.GetFile(strFile)
        'Grab DateCreated attribute. You can also use DateLastModified
        'If the file is a week old then move it

            If objFile.DateCreated < Date - 6 Then
                '!!!!Change the destination part of this...."F:\NewFolder"
                objFSO.MoveFile strFile, "F:\NewFolder"
            End If

      Next
Set objFile = Nothing
Set colFile = Nothing
Set objFSO = Nothing
'End Copy
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16670099
Meant to say Date - 7 here:
If objFile.DateCreated < Date - 6 Then

Test it out on a Test folder first

0
 

Author Comment

by:Zoodiaq
ID: 16671639
It not really good to move the file because then you have to look in more than one folder for the same type of bills. The files has to stay in the folder the user put them in, so it has to be the permissions that are getting changed.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 

Author Comment

by:Zoodiaq
ID: 16671645
Is it possible to change permissions with a .vbs
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16672549
Sure, this can be done using xcacls in place of the move command.
Do you have inheritance set on the .pdf files?
0
 

Author Comment

by:Zoodiaq
ID: 16672746
Yes I do
0
 

Author Comment

by:Zoodiaq
ID: 16672753
OK so what the script should do is to look in every subfolder of "x:\test\" and change the security permissions to "read only" for domain\users. Can this be done?
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16674938
Yes that can be done.
Enumerating the subfolders increases the difficulty of it.
I will try to come up with a clean way to do it.
0
 

Author Comment

by:Zoodiaq
ID: 16675406
thx
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16675427

Download Xcacls.vbs from here:
Extended Change Access Control List Tool (Xcacls)
http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en

Make Note of where you extract the file. You will need to enter that path in your script

How to use Xcacls.vbs to modify NTFS permissions
http://support.microsoft.com/?id=825751

Right now the script is set up to give the group or user you choose Read access.

This script will remove the inheritance flag on the files. It will be the same
as if you unchecked the box yourself and choose to COPY the permissions.

This will do all files under the given path and recusrively go through all its folders.
If there are other files in there besides .pdfs that you do not want to be changed
let me know and I'll modify it.

I placed some notes in the script that you should read

Make sure you do this on test folders first

If you need to look at the script in a better format than notepad try this free program
http://www.crimsoneditor.com/
0
 
LVL 16

Accepted Solution

by:
mdiglio earned 2000 total points
ID: 16675433
dim strUserName, strPath2Xcacls, strFolderName, strComputer, Date2Check
dim arrFolderPath, strChangeFileACL, strNewPath

'strUsername can be a user or group e.g. DomainName\username
strUserName = "DomainName\username"

'strPath2Xcacls enter the path to where ever you have the xcacls.vbs file.
strPath2Xcacls = "C:\xcacls.vbs"

'StrFolderName will be the top level folder
strFolderName = "c:\Perms"

'strComputer...the "." represents local machine
strComputer = "."
Date2Check = (Date - 7)

Set wshshell = CreateObject("WScript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'Get all the files starting from top folder ( strFolderName )
Set colSubfolders = objWMIService.ExecQuery _
    ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
        & "Where AssocClass = Win32_Subdirectory " _
            & "ResultRole = PartComponent")

arrFolderPath = Split(strFolderName, "\")
strNewPath = ""
For i = 1 To UBound(arrFolderPath)
    strNewPath = strNewPath & "\\" & arrFolderPath(i)
Next
strPath = strNewPath & "\\"
Date2Check = (Date - 7)
Set colFiles = objWMIService.ExecQuery _
    ("Select * from CIM_DataFile where creationdate < '" & Date2Check & "' and Path = '" & strPath & "'")

For Each objFile In colFiles
    strChangeFileACL = objFile.Name
    'For every file that is older than 7 days change the permissions
    'The ,0 at the end hides the command window
    wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
    'The 6 Second sleep command prevents too many command windows from being open at the same time
    wscript.sleep 6000
Next

For Each objFolder In colSubfolders
    GetSubFolders strFolderName
Next

'!!!! This line is only here for the testing stage. So you know when the script has finished
'!!!! Remove wscript.echo "Done" when you schedule this as a task
wscript.echo "Done"
wscript.quit

Sub GetSubFolders(strFolderName)

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colSubfolders2 = objWMIService.ExecQuery _
        ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
            & "Where AssocClass = Win32_Subdirectory " _
                & "ResultRole = PartComponent")

    For Each objFolder2 In colSubfolders2
        strFolderName = objFolder2.Name
        arrFolderPath = Split(strFolderName, "\")
        strNewPath = ""
        For i = 1 To UBound(arrFolderPath)
            strNewPath = strNewPath & "\\" & arrFolderPath(i)
        Next
        strPath = strNewPath & "\\"
        'Only grab files that are older than 7 days
        Set colFiles = objWMIService.ExecQuery _
            ("Select * from CIM_DataFile where  creationdate < '" & Date2Check & "' and  Path = '" & strPath & "'")

        For Each objFile In colFiles
            strChangeFileACL = objFile.Name
            'For every file that is older than 7 days change the permissions
            'The ,0 at the end hides the command window
            wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
            'The 6 Second sleep command prevents too many command windows from being open at the same time
            wscript.sleep 6000
        Next

        GetSubFolders strFolderName
    Next
end sub

0
 

Author Comment

by:Zoodiaq
ID: 16677460
Wow, what a job you did. I will test it as soon as I have access to the server. Btw I can already now tell you now that there are others files beside PDF, that must not be changed. I should have told you before, sorry.
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16678182
To only change .pdfs add these lines around line 40 and 78

If the above script is in notepad you'll see these lines in 2 places around line 78 and 40

wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
'The 6 Second sleep command prevents too many command windows from being open at the same time
wscript.sleep 6000

We need to put this line before the wshShell.run in BOTH Places   ....
If Right(strChangeFileACL, 4) = ".pdf" Then

and we need this line after the wscript.sleep 6000 in BOTH Places     ....
End If


The End result should look like this in those 2 places

If Right(strChangeFileACL, 4) = ".pdf" Then
      wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
      'The 6 Second sleep command prevents too many command windows from being open at the same time
      wscript.sleep 6000
End if
0
 
LVL 15

Expert Comment

by:JackOfPH
ID: 16679440
listening
0
 

Author Comment

by:Zoodiaq
ID: 16685433
Now I tested the script. I started without putting the Pdf lines in just to test it, and it doesn't seem to work. Is there anyway I can go through the script line by line to see where it goes wrong like i do in Word??
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16685962
Did you test it on a folder that you just created or the one that has all the .pdfs already?
I guess my point is to make sure there are files older than 7 days old in the Folder

If you have VB6 we can place this script in there with very few modifications.

Verify that word wrap was turned off when you pasted the code into notepad

Have you downloaded the xcacls.vbs, and then noted the location of that file in the strPath2Xcacls ?
e.g. strPath2Xcacls = "C:\xcacls.vbs"
It sounds like it is a problem with the xcacls part of the script


0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16685977
There are 2 places that have the line that begins with:
wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0

place an apostrophe at the beginning of those 2 lines...   '
Then type this line beneath it
msgbox strChangeFileACL

If you have 100s of files that are older than 7 days let me know and I'll change this.
If it works there will be a message box for every file that is older than 7 days

Be sure to undo both changes after the test
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16686132
Do you have spaces in the file names?
0
 

Author Comment

by:Zoodiaq
ID: 16686161
Currently I am testing it on a testlibrary and yes there are spaces in the filenames. I will go through your suggestions see if that works.
0
 

Author Comment

by:Zoodiaq
ID: 16686244
By putting in msgbox commands all the way down I found out that the script never get past this line:

For Each objFile In colFiles
0
 

Author Comment

by:Zoodiaq
ID: 16686278
or at least I'm not getting the msgbox
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16686382
During this testing phase if you only have a few files in the testlibrary folder you can comment out the
wscript.sleep 6000 part or set it lower.

Here is the modification needed to allow for files with spaces in their names:
change the 2 lines around line 40 and line 78 that are like this:

wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
TO
wshshell.run "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E" ,0

Are the folders/files you you are enumerating on the same machine the script is running on?




0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16686406
If that doesn't work paste your script into your next post...remove the domain info in strUserName if you want

Another step we can take before posting the entire script is to change those same 2 lines to be like this:

msgbox "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E",0

now you will see a message box that should tell us a lot about what is missing.
You can also write down the output of the message box and put it in you next post.
0
 

Author Comment

by:Zoodiaq
ID: 16689739
This is the script I'm trying to run. I show MSGBOX 6 put not anything else.



dim strUserName, strPath2Xcacls, strFolderName, strComputer, Date2Check
dim arrFolderPath, strChangeFileACL, strNewPath

'strUsername can be a user or group e.g. DomainName\username
strUserName = "Domain\Users"

'strPath2Xcacls enter the path to where ever you have the xcacls.vbs file.
strPath2Xcacls = "d:\profiler\scripts\xcacls.vbs"

'StrFolderName will be the top level folder
strFolderName = "d:\test2"

'strComputer...the "." represents local machine
strComputer = "."
Date2Check = (Date - 7)

Set wshshell = CreateObject("WScript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'Get all the files starting from top folder ( strFolderName )
Set colSubfolders = objWMIService.ExecQuery _
    ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
        & "Where AssocClass = Win32_Subdirectory " _
            & "ResultRole = PartComponent")

arrFolderPath = Split(strFolderName, "\")
strNewPath = ""
For i = 1 To UBound(arrFolderPath)
    strNewPath = strNewPath & "\\" & arrFolderPath(i)
Next
strPath = strNewPath & "\\"
Date2Check = (Date - 7)
Set colFiles = objWMIService.ExecQuery _
    ("Select * from CIM_DataFile where creationdate < '" & Date2Check & "' and Path = '" & strPath & "'")
msgbox "6"

For Each objFile In colFiles
    strChangeFileACL = objFile.Name
    'For every file that is older than 7 days change the permissions
    'The ,0 at the end hides the command window
    msgbox "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E",0

    'wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0

    'The 6 Second sleep command prevents too many command windows from being open at the same time
    wscript.sleep 1000
Next

For Each objFolder In colSubfolders
    GetSubFolders strFolderName
Next

'!!!! This line is only here for the testing stage. So you know when the script has finished
'!!!! Remove wscript.echo "Done" when you schedule this as a task
wscript.echo "Done"
wscript.quit

Sub GetSubFolders(strFolderName)

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colSubfolders2 = objWMIService.ExecQuery _
        ("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _
            & "Where AssocClass = Win32_Subdirectory " _
                & "ResultRole = PartComponent")

    For Each objFolder2 In colSubfolders2
        strFolderName = objFolder2.Name
        arrFolderPath = Split(strFolderName, "\")
        strNewPath = ""
        For i = 1 To UBound(arrFolderPath)
            strNewPath = strNewPath & "\\" & arrFolderPath(i)
        Next
        strPath = strNewPath & "\\"
        'Only grab files that are older than 7 days
        Set colFiles = objWMIService.ExecQuery _
            ("Select * from CIM_DataFile where  creationdate < '" & Date2Check & "' and  Path = '" & strPath & "'")

        For Each objFile In colFiles
            strChangeFileACL = objFile.Name
            'For every file that is older than 7 days change the permissions
            'The ,0 at the end hides the command window
            msgbox "cmd /c cscript " & strPath2Xcacls & "  " & chr(34) & strChangeFileACL & chr(34) & " /I COPY /P " &  strUserName & ":R /E",0

            'wshshell.run "cmd /c cscript " & strPath2Xcacls & " " & strChangeFileACL & " /I COPY /P " &  strUserName & ":R /E", 0
            'The 6 Second sleep command prevents too many command windows from being open at the same time
            wscript.sleep 1000
        Next

        GetSubFolders strFolderName
    Next
end sub
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16690509
I copied and pasted your code and it is working for me on an XP machine and a 2003 server. I do not have SBS 2003

Things to check:
1) If d:\test2 is a new folder then there won't be any files with a creation date older than 7 days

2) change the Date2Check from (date - 7 ) TO (Date + 7)

   
0
 

Author Comment

by:Zoodiaq
ID: 16691194
Ups... I didn't check creation date I checked modify date.....Thats must be the problem. I will try again.
0
 

Author Comment

by:Zoodiaq
ID: 16691562
I did it, its working. Perfect. Thanks
0
 

Author Comment

by:Zoodiaq
ID: 16691682
Wish I could give you 1000 points :-)
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 16692128
Cool...I'm glad you got it working!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Integration Management Part 2
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question