We help IT Professionals succeed at work.

Remove one user from all folder shares

312 Views
Last Modified: 2010-03-05
Hi,

I have a machine which has many shares.I want to remove 1 user from which ever share he is a member.Can i have a script or tool which can remove user from all folder shares/permissions.

Regards
Sharath
Comment
Watch Question

the guidelines from microsoft to set security:
http://technet2.microsoft.com/windowsserver/en/library/e5026578-e891-4107-aa2e-9d180428055d1033.mspx?mfr=true

A possible script that can help you:
http://www.tek-tips.com/viewthread.cfm?qid=1158235&page=1
Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:
This is a good example of why is is always recommended that permissions are never assigned to users - only to groups - that way all you would have had to do would be to remove the user from the group!

Author

Commented:
Kurt_Braeckmans
What are the changes i need to do in this script
The script is only an example how you can create a share and add/change the security on the share.
It's not the "magical" solution.

The user in question does he/she still work for the company?  If the user stopped working for the company, delete the account (just make sure that the mailbox is safe...).  The user will not be deleted from all shares but all shares will show a SID.

I think that in the future you will have this problem again, so it's probably easier to give permissions on shares to groups and not to users.

Author

Commented:
Ok Understood but for the time i need to remove some users from the group who are there in the company but need not have share permissions for that file server.


Use rmtshare.exe from Resource kit. here is teh sample for deletion

rmtshare \\server\share /REMOVE username

Like that you can run to all shares.


more info here.

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=6353

Author

Commented:
Can all the shares be taken from the file.I have a file with all the shares
two ways
1- you can copy all the share name in excel and do prefix "rmtshare \\server\" and suffix "/REMOVE username".copy that file as *.bat  Then you can run the command for all shares.


2- VBS
----------------

Const ForReading = 1
Set objDictionary = CreateObject("Scripting.Dictionary")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objTextFile = objFSO.OpenTextFile _
    ("c:\Shares.txt", ForReading)
i = 0
Do Until objTextFile.AtEndOfStream
    strNextLine = objTextFile.Readline
    objDictionary.Add i, strNextLine
    i = i + 1
Loop

For Each objItem in objDictionary
    StrShare = objDictionary.Item(objItem)
objShell.Run "%comspec% /c rmtshare.exe \\servername\" & strShare & " /REMOVE yourusername", 1, True
Next
----------------

1- make sure your folder got rmtshare.exe.
2- repllace servername & yourusername with your values.
3- keep share names only in C:\shares.txt folder.


Author

Commented:
I have chanded the script as this.

Const ForReading = 1
Set objDictionary = CreateObject("Scripting.Dictionary")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objTextFile = objFSO.OpenTextFile _
    ("c:\Shares.txt", ForReading)
i = 0
Do Until objTextFile.AtEndOfStream
    strNextLine = objTextFile.Readline
    objDictionary.Add i, strNextLine
    i = i + 1
Loop

For Each objItem in objDictionary
    StrShare = objDictionary.Item(objItem)
objShell.Run "%comspec% /c rmtshare.exe \\dev-chen-mrd100\" & strShare & " /REMOVE enochj", 1, True
Next
rmtshare.exe is in the same folder.

Still enochj is not removed from the folders in the share.txt
run this and tell me what you get.

rmtshare \\dev-chen-mrd100\YourShareNameHere /REMOVE enochj

Author

Commented:
I get this..

C:\>rmtshare \\dev-chen-mrd100\folder /REMOVE enochj

The command completed successfully.

I checked the folder but still enochj is a there.
It worked for me.

is enochj is the domain user or local computer user ?

If domain user please try domainname\enochj

Please chek the syntax of that command also. that will tell you
in your command you are giving folder name --- C:\>rmtshare \\dev-chen-mrd100\folder /REMOVE enochj

It should be share name.

Author

Commented:
domainname\enochj it removes the user.But it is removing from the share permissions

As i asked before.

Can i have a script or tool which can remove user from all folder shares/permissions.

Need to remove enochj from the security permissions.Sorry if i got you confused...

Author

Commented:
Any help....
you need to use Xcacls.exe only. try that for NTFS permission....
Did you try Xcacls.exe command ?

Author

Commented:
Can you please give me the command i tried varies way but no sucess...
Tell me clearly on what you want to do ?

Author

Commented:
There are many folders in D drive where Enochj has permissions.I want a way to scan all folders and remove Enochj from all Security permissions...
use dumpsec.exe to find the rights for Enochj.

Then say for sample you have a folder called E:\JUNK and you want to remove rights for Enochj.

Xcacls.exe E:\JUNK /T /R Enochj

Author

Commented:
Where can i download xcalcs.exe?

Author

Commented:
I got the exe from here

http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en&displaylang=en

Will check and post...

Author

Commented:
I get this


C:\>Xcacls.exe c:\JUNK /T /R Enochj
Do you want to continue (Y/N)?y
processed directory: c:\Junk
ERROR: Access is denied.

I put in many users in the security permissions all other user are vanishing except enochj.Why are other users vanishing?
Please use /E option as well.

Xcacls.exe c:\JUNK /T /R /E Enochj

Author

Commented:
I get this.
C:\>xcacls.exe c:\JUNK /T /R /E Enochj

XCACLS filename [/T] [/E|/X] [/C] [/G user:perm;spec] [/R user [...]]
                [/P user:perm;spec [...]] [/D user [...]] [/Y]
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks this worked and now as i asked before.

There are many folders in D drive where Enochj has permissions.I want a way to scan all folders and remove Enochj from all Security permissions....I have the shares in the file if required.
Use dumpsec.exe to dump the permission to a file. Then you can find where ever Enochj got permission.
 Then you can use xcacls.exe to all those folders.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.