I am currently migratng a server containing a library of data to a new box. Currenty, the access permissions for each part of the datalibrary are set using individual user names rather than groups, and I want to move the whole thing over to group based permissions. The datalibrary contains about 1300 folders all of which I need to control access to.
To do this I have used a utility called dumpacl to read the permissions data for the whole library filesystem and save it to an Excel spreadsheet. I have then created a script which reads the data from the Excel spreadsheet .The script creates AD groups based on the folder name, adds the user(s) who have access to the group and gives that group permissions on the folder. I am calling xcacls.vbs from the script to do this, but it won't work - I get an entry in the logfle xcalcs generates - 'filename is required but was not passed as an arguement'. I can't see why it isn't passing the folder name to xcacls (the folder name is stored in the strFolder variable). I know that variable contains the correct foldername as I've done a simple msgbox strFolder to check.
The error in the log is:
Starting XCACLS.VBS (Version: 5.2) Script at 6/6/2006 10:41:20 AM
"E:\Stuff From DL"
Filename is required and was not passed as an argument.
/E (Edit ACL leaving other users intact)
/G (Grant rights)
/L (File: "c:\script2.log")
Error: Required Filename missing.
The code is below, any suggestions welcome. The other variable passed to xcacls, strGroup, is passed correctly as are all the other parameters, so it seems to be just that. I'm sure it's something simple, but I just can't see what.
FOOTNOTE:I have just tested it again, this time specifying a file rather than a folder (the sreadsheet contans a list of folders ie e:\folder1\folder2, I have specified an individual file c:\testfile.txt on one of the lines and it passed this to xcalcs correctly and set the permissions - so why won't it work with just a foldername?- I must be doing something wrong with the xcacls syntax?. The line that calls xcacls.vbs is near he bottom of the script.
Help! I am allocating 500 points to this question as I need to get his sorted ASAP.
' Version 1 - June 2006
' VBScript Source File -- Created in SAPIEN Technologies PrimalScript 4.0
' NAME:Datalibrary Move Script
' AUTHOR: Mark Holmes
' DATE : 30/03/2006
Dim intRow, objExcel, objSheet, strPathExcel
Dim strGroup, strUser, strFolder
Dim objFSO, objShell, intRunError
Dim objOU, objGroup
'Amend this path depending on where the Excel sheet Is
strPathExcel = "E:\GroupsList.xls"
intRow = 2 ' Row 1 contains headings, start reading from row 2
' Open the Excel spreadsheet
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objExcel = CreateObject("Excel.Application")
Set objSheet = objExcel.Workbooks.Open(strPathExcel)
'Create shell for command/cacls
Set objShell = CreateObject("Wscript.Shell")
'Error handling - continue if error encountered
On Error Resume Next
'Cycle through cells until string endoflist is encountered in spreadsheet column 1
MsgBox "Beginning Script Execution"
Do Until (objExcel.Cells(intRow,1).Value) = "endoflist"
'Read group name from column 1 and folder name from column 2
strGroup = objExcel.Cells(intRow, 1).Value
strUser = objExcel.Cells(introw, 3).Value
strFolder = objExcel.Cells(intRow, 2).Value
Call CreateGroup 'Create the group using the groupname from col 1 of the Excel sheet, stored in strGroup
Call AddUsersToGroup'Call AddUser 'Add the user in column 3 of Excel sheet to the group in column 1
'then call ChangeACL's sub to set permissions for group in col1 to read for folder in col2
intRow = introw +1 'increment introw by 1 to move to next row
objExcel.Quit ' Close Excel
Sub CreateGroup ()
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Set objOU = GetObject("LDAP://ou=Test,ou=NuffieldUsers,dc=nuff,dc=ox,dc=ac,dc=uk")
Set objGroup = objOU.Create("Group", "cn=" &strGroup)
objGroup.Put "sAMAccountName","" &strGroup
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
Dim adsPath, objUser,objGroup
Dim adsUser, adsGroup
strUser = RTrim(strUser)
strGroup = RTrim(strGroup)
adsUser = adsPath & strUser & ",user"
adsGroup=adsPath & strGroup & ",group"
Set objUser = GetObject(adsUser)
Set objGroup= GetObject(adsGroup)
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cscript.exe e:\xcacls.vbs " & strFolder & " /E /l c:\script2.log /g "& strGroup & ":R;R", 2, True)
MsgBox "Script Complete"