[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Need a script to change NTFS permissions on a local folder

Posted on 2006-11-03
19
Medium Priority
?
9,280 Views
Last Modified: 2012-08-13
Need a script to change NTFS permissions on a local folder (c:\program files\[the application]) to allow Domain Users full control.  See, I need to give my users full control to an application directory or the application won't run.  

So, I'm thinking that it would be easy to run a login script changing the folder's permissions.  Obviously, I need all child directories and files to get the parent folder permissions too.  

Alternatively, it would be really cool to know how to make a script run as Administrator even though it was executed by a user.  Like, I could have a script.bat and e-mail it to a user.  Then the user could run it, but the script would run as Administrator with full permissions/privileges.

Thanks!
0
Comment
Question by:coolrazor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 7
19 Comments
 
LVL 9

Accepted Solution

by:
SamuraiCrow earned 200 total points
ID: 17868771
For the letting the user change the permissions with admin rights use AutoIT!

(Download here:)
http://www.autoitscript.com/autoit3/

You can easily create a m3u script file that can be compiled into an executable.  Just specify the account, password, name of the exe or bat file, and path.  Works like a charm. Best of all it's free!  Definately one of the most useful tools I have in my admin arsenal.  Here is the syntax:

Dim $UserName, $DomainName, $Password, $RunProgram, $RunPath

$UserName = "Username"
$DomainName = "domainname"
$Password = "Password"

$RunProgram = "setup.exe"
$RunPath = "\\servername\sharename"


RunAsSet ( $UserName, $DomainName, $Password )

$val = RunWait($RunPath & "\" & $RunProgram, $RunPath, @SW_Maximize)
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17868786
download xcacls here to modify file permissions.  I'll have the syntax for you in a moment:
http://support.microsoft.com/kb/318754
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17868854
Here is the xcacls syntax that can be used to modify permissions on a directory:
xcacls c:\test /t /e /c /g "dec\domain users":F /Y
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17868897
Allright - We have the pieces, here is the game plan:

Create a file called perms.bat on a network share (users will need read and execute access to this share).

Add the 'xcacls c:\test /t /e /c /g "dec\domain users":F /Y' line where c:\test is the file path you want to update permissions on

in the autoIT script update the following sections with the appropriate info:
$UserName = "Username"
$DomainName = "domainname"
$Password = "Password"
$RunProgram = "perms.bat"
$RunPath = "\\servername\sharename"

Once the script it done right click on the m3u file and select compile to executable

Test out the exe on a few users to make sure it works properly then deploy!
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17868926
Just a couple of notes:

when specifying the path in the xcacls command make sure to put quotes around it if there are spaces (ex "c:\Program Files\...")
the xcacls command can also be pushed through a computer startup script with group policy (no need for auto it in this case)
AutoIT is generally used for software install automation and it probably the coolest free tool I've ever used.  Learn to use it and if you can send a donation        ------their way.

Hope this helps!
Crow
0
 

Author Comment

by:coolrazor
ID: 17870670
Thanks a bunch for showing me AutoIt!  That's a really cool piece of software.

xcacls, however, isn't running right.  It says "You are not using CScript for the scripting engine".  I thought I saw a webpage saying that I needed to put xcacls in the Windows directory and run something to switch engines, but I'm not sure of where that was and can't find the page.  Any hints?  

Also, I'd rather not have to change the scripting engines on my users' desktops if I would have to do it manually.  My goal is to e-mail them saying, "run this attached executable and, presto, our wonderful VoIP app will work".
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17870818
Make the perms.bat syntax look like this:

CScript//H:Cscript //S
'xcacls c:\test /t /e /c /g "dec\domain users":F /Y

That should set the script engine to run properly.
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17870820
Oops, small correction:

CScript//H:Cscript //S
xcacls c:\test /t /e /c /g "dec\domain users":F /Y
0
 

Author Comment

by:coolrazor
ID: 17871025
It ran silently and smoothly... but when I checked the folder permissions nothing had changed.
I was a little more explicit in my bat file, could that be the problem?
Here's the bat file:

CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\" /t /e /c /g "dec\domain users":F /Y

CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\" /t /e /c /g "dec\all employees":F /Y

pause
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17871221
Place your domain name where is says dec:

"dec\domain users"

Sorry, missed that on the first run.
0
 

Author Comment

by:coolrazor
ID: 17871297
We're SO close to getting this!

CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\" /t /e /c /g "dec\domain users":F /Y

It error's out on the /c part.  What does the /c parameter do?

"Error: Invalid flag /c.
Please check the input and try again."
0
 

Author Comment

by:coolrazor
ID: 17871316
FYI, I'm leaving for the day and will be back on Monday.
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17871367
it basically continues on access denied errors.  We can remove it if needed.  Did you replace the domain name? (To be continued Monday)
0
 

Author Comment

by:coolrazor
ID: 17882687
It works!  I had to drop the /c and the /Y parameters, but it runs.  Also, I had to change the user group "all employees" to "allemployees", I guess that's how the system reads the group name internally.

The batch file runs and doesn't get stopped asking for user input, which I thought it would since I took out the /Y.  I prefer it not to ask the user any questions, but I wonder why it didn't.

CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\" /t /e /g "[domain]\domain users":F

CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\" /t /e /g "[domain]\allemployees":F

0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17882712
The version of xcacls you downloaded might be more recent then the version I have on my machine (not for long!).  I'm glad it worked.
0
 

Author Comment

by:coolrazor
ID: 17891422
A new twist...

The batch file worked  well except... I need all CHILD files and folders to inherit the new added permissions.
(Also, how do I add 30 points for this add-on question?  I don't want to start a new question seeing as how it is wholly related to this one.)
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17891484
No worries on the point add.  Try adding an * after Interactive Intelligence

CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\*" /t /e /g "[domain]\domain users":F

CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\*" /t /e /g "[domain]\allemployees":F
0
 

Author Comment

by:coolrazor
ID: 17892746
Ok, I found out that the parameters for xcacls.vbs (which is what I'm using) and xcacles.exe are different.  That cleared up a few things.  In the end, I just hard coded the child directory that wouldn't propagate the new permissions

I.E.
CScript//H:Cscript //S
\\[server]\[share]\scripts\xcacls "c:\Program Files\Interactive Intelligence\Interaction Client .NET Edition\" /t /e /g "[domain]\allemployees":F

Everything within that directory got the new permissions.  Turns out that the .NET Edition folder didn't have "allow inherit from parent" set.  My guess is that there is a way to brute force inheriting, but I didn't need to since everything within the .NET Edition folder was inheriting from the .NET Edition folder.  

Thanks a lot for your help!
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17892770
No problem.  I'm glad you got it worked out.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question