markholmes24
asked on
Calling xcacls.vbs from script
I am currently migratng a server containing a library of data to a new box. Currenty, the access permissions for each part of the datalibrary are set using individual user names rather than groups, and I want to move the whole thing over to group based permissions. The datalibrary contains about 1300 folders all of which I need to control access to.
To do this I have used a utility called dumpacl to read the permissions data for the whole library filesystem and save it to an Excel spreadsheet. I have then created a script which reads the data from the Excel spreadsheet .The script creates AD groups based on the folder name, adds the user(s) who have access to the group and gives that group permissions on the folder. I am calling xcacls.vbs from the script to do this, but it won't work - I get an entry in the logfle xcalcs generates - 'filename is required but was not passed as an arguement'. I can't see why it isn't passing the folder name to xcacls (the folder name is stored in the strFolder variable). I know that variable contains the correct foldername as I've done a simple msgbox strFolder to check.
The error in the log is:
Starting XCACLS.VBS (Version: 5.2) Script at 6/6/2006 10:41:20 AM
Startup directory:
"E:\Stuff From DL"
Arguments Used:
Filename is required and was not passed as an argument.
/E (Edit ACL leaving other users intact)
/G (Grant rights)
DL:R;R
/L (File: "c:\script2.log")
Error: Required Filename missing.
========================== ========== ==========
The code is below, any suggestions welcome. The other variable passed to xcacls, strGroup, is passed correctly as are all the other parameters, so it seems to be just that. I'm sure it's something simple, but I just can't see what.
FOOTNOTE:I have just tested it again, this time specifying a file rather than a folder (the sreadsheet contans a list of folders ie e:\folder1\folder2, I have specified an individual file c:\testfile.txt on one of the lines and it passed this to xcalcs correctly and set the permissions - so why won't it work with just a foldername?- I must be doing something wrong with the xcacls syntax?. The line that calls xcacls.vbs is near he bottom of the script.
Help! I am allocating 500 points to this question as I need to get his sorted ASAP.
The code:
' Version 1 - June 2006
'========================= ========== ========== ========== ========== =========
'
' VBScript Source File -- Created in SAPIEN Technologies PrimalScript 4.0
'
' NAME:Datalibrary Move Script
'
' AUTHOR: Mark Holmes
' DATE : 30/03/2006
'
' COMMENT:
'
'========================= ========== ========== ========== ========== =========
'Declare variables
Option Explicit
Dim intRow, objExcel, objSheet, strPathExcel
Dim strGroup, strUser, strFolder
Dim objFSO, objShell, intRunError
Dim objOU, objGroup
'Amend this path depending on where the Excel sheet Is
strPathExcel = "E:\GroupsList.xls"
intRow = 2 ' Row 1 contains headings, start reading from row 2
' Open the Excel spreadsheet
Set objFSO = CreateObject("Scripting.Fi leSystemOb ject")
Set objExcel = CreateObject("Excel.Applic ation")
Set objSheet = objExcel.Workbooks.Open(st rPathExcel )
'Create shell for command/cacls
Set objShell = CreateObject("Wscript.Shel l")
'Error handling - continue if error encountered
On Error Resume Next
'Cycle through cells until string endoflist is encountered in spreadsheet column 1
MsgBox "Beginning Script Execution"
Do Until (objExcel.Cells(intRow,1). Value) = "endoflist"
'Read group name from column 1 and folder name from column 2
strGroup = objExcel.Cells(intRow, 1).Value
strUser = objExcel.Cells(introw, 3).Value
strFolder = objExcel.Cells(intRow, 2).Value
Call CreateGroup 'Create the group using the groupname from col 1 of the Excel sheet, stored in strGroup
Call AddUsersToGroup'Call AddUser 'Add the user in column 3 of Excel sheet to the group in column 1
Call SetACLS
'then call ChangeACL's sub to set permissions for group in col1 to read for folder in col2
intRow = introw +1 'increment introw by 1 to move to next row
Loop
objExcel.Quit ' Close Excel
Sub CreateGroup ()
Const ADS_GROUP_TYPE_GLOBAL_GROU P = &h2
Const ADS_GROUP_TYPE_SECURITY_EN ABLED = &h80000000
'Define objects
Set objOU = GetObject("LDAP://ou=Test, ou=Nuffiel dUsers,dc= nuff,dc=ox ,dc=ac,dc= uk")
Set objGroup = objOU.Create("Group", "cn=" &strGroup)
'Create Group
objGroup.Put "sAMAccountName","" &strGroup
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROU P Or _
ADS_GROUP_TYPE_SECURITY_EN ABLED
objGroup.SetInfo
End Sub
Sub AddUsersToGroup
Dim adsPath, objUser,objGroup
Dim adsUser, adsGroup
adsPath="WinNT://NuffieldC ollege/"
strUser = RTrim(strUser)
strGroup = RTrim(strGroup)
adsUser = adsPath & strUser & ",user"
adsGroup=adsPath & strGroup & ",group"
Set objUser = GetObject(adsUser)
Set objGroup= GetObject(adsGroup)
objGroup.Add(objUser.adsPa th)
End Sub
Sub SetACLS
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cscript.exe e:\xcacls.vbs " & strFolder & " /E /l c:\script2.log /g "& strGroup & ":R;R", 2, True)
'MsgBox strFolder
End Sub
objExcel.Quit
'Close Excel
MsgBox "Script Complete"
WScript.Quit
To do this I have used a utility called dumpacl to read the permissions data for the whole library filesystem and save it to an Excel spreadsheet. I have then created a script which reads the data from the Excel spreadsheet .The script creates AD groups based on the folder name, adds the user(s) who have access to the group and gives that group permissions on the folder. I am calling xcacls.vbs from the script to do this, but it won't work - I get an entry in the logfle xcalcs generates - 'filename is required but was not passed as an arguement'. I can't see why it isn't passing the folder name to xcacls (the folder name is stored in the strFolder variable). I know that variable contains the correct foldername as I've done a simple msgbox strFolder to check.
The error in the log is:
Starting XCACLS.VBS (Version: 5.2) Script at 6/6/2006 10:41:20 AM
Startup directory:
"E:\Stuff From DL"
Arguments Used:
Filename is required and was not passed as an argument.
/E (Edit ACL leaving other users intact)
/G (Grant rights)
DL:R;R
/L (File: "c:\script2.log")
Error: Required Filename missing.
==========================
The code is below, any suggestions welcome. The other variable passed to xcacls, strGroup, is passed correctly as are all the other parameters, so it seems to be just that. I'm sure it's something simple, but I just can't see what.
FOOTNOTE:I have just tested it again, this time specifying a file rather than a folder (the sreadsheet contans a list of folders ie e:\folder1\folder2, I have specified an individual file c:\testfile.txt on one of the lines and it passed this to xcalcs correctly and set the permissions - so why won't it work with just a foldername?- I must be doing something wrong with the xcacls syntax?. The line that calls xcacls.vbs is near he bottom of the script.
Help! I am allocating 500 points to this question as I need to get his sorted ASAP.
The code:
' Version 1 - June 2006
'=========================
'
' VBScript Source File -- Created in SAPIEN Technologies PrimalScript 4.0
'
' NAME:Datalibrary Move Script
'
' AUTHOR: Mark Holmes
' DATE : 30/03/2006
'
' COMMENT:
'
'=========================
'Declare variables
Option Explicit
Dim intRow, objExcel, objSheet, strPathExcel
Dim strGroup, strUser, strFolder
Dim objFSO, objShell, intRunError
Dim objOU, objGroup
'Amend this path depending on where the Excel sheet Is
strPathExcel = "E:\GroupsList.xls"
intRow = 2 ' Row 1 contains headings, start reading from row 2
' Open the Excel spreadsheet
Set objFSO = CreateObject("Scripting.Fi
Set objExcel = CreateObject("Excel.Applic
Set objSheet = objExcel.Workbooks.Open(st
'Create shell for command/cacls
Set objShell = CreateObject("Wscript.Shel
'Error handling - continue if error encountered
On Error Resume Next
'Cycle through cells until string endoflist is encountered in spreadsheet column 1
MsgBox "Beginning Script Execution"
Do Until (objExcel.Cells(intRow,1).
'Read group name from column 1 and folder name from column 2
strGroup = objExcel.Cells(intRow, 1).Value
strUser = objExcel.Cells(introw, 3).Value
strFolder = objExcel.Cells(intRow, 2).Value
Call CreateGroup 'Create the group using the groupname from col 1 of the Excel sheet, stored in strGroup
Call AddUsersToGroup'Call AddUser 'Add the user in column 3 of Excel sheet to the group in column 1
Call SetACLS
'then call ChangeACL's sub to set permissions for group in col1 to read for folder in col2
intRow = introw +1 'increment introw by 1 to move to next row
Loop
objExcel.Quit ' Close Excel
Sub CreateGroup ()
Const ADS_GROUP_TYPE_GLOBAL_GROU
Const ADS_GROUP_TYPE_SECURITY_EN
'Define objects
Set objOU = GetObject("LDAP://ou=Test,
Set objGroup = objOU.Create("Group", "cn=" &strGroup)
'Create Group
objGroup.Put "sAMAccountName","" &strGroup
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROU
ADS_GROUP_TYPE_SECURITY_EN
objGroup.SetInfo
End Sub
Sub AddUsersToGroup
Dim adsPath, objUser,objGroup
Dim adsUser, adsGroup
adsPath="WinNT://NuffieldC
strUser = RTrim(strUser)
strGroup = RTrim(strGroup)
adsUser = adsPath & strUser & ",user"
adsGroup=adsPath & strGroup & ",group"
Set objUser = GetObject(adsUser)
Set objGroup= GetObject(adsGroup)
objGroup.Add(objUser.adsPa
End Sub
Sub SetACLS
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cscript.exe e:\xcacls.vbs " & strFolder & " /E /l c:\script2.log /g "& strGroup & ":R;R", 2, True)
'MsgBox strFolder
End Sub
objExcel.Quit
'Close Excel
MsgBox "Script Complete"
WScript.Quit
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.