Remove one user from all folder shares
Hi,
I have a machine which has many shares.I want to remove 1 user from which ever share he is a member.Can i have a script or tool which can remove user from all folder shares/permissions.
Regards
Sharath
I have a machine which has many shares.I want to remove 1 user from which ever share he is a member.Can i have a script or tool which can remove user from all folder shares/permissions.
Regards
Sharath
This is a good example of why is is always recommended that permissions are never assigned to users - only to groups - that way all you would have had to do would be to remove the user from the group!
ASKER
Kurt_Braeckmans
What are the changes i need to do in this script
What are the changes i need to do in this script
The script is only an example how you can create a share and add/change the security on the share.
It's not the "magical" solution.
The user in question does he/she still work for the company? If the user stopped working for the company, delete the account (just make sure that the mailbox is safe...). The user will not be deleted from all shares but all shares will show a SID.
I think that in the future you will have this problem again, so it's probably easier to give permissions on shares to groups and not to users.
It's not the "magical" solution.
The user in question does he/she still work for the company? If the user stopped working for the company, delete the account (just make sure that the mailbox is safe...). The user will not be deleted from all shares but all shares will show a SID.
I think that in the future you will have this problem again, so it's probably easier to give permissions on shares to groups and not to users.
ASKER
Ok Understood but for the time i need to remove some users from the group who are there in the company but need not have share permissions for that file server.
Use rmtshare.exe from Resource kit. here is teh sample for deletion
rmtshare \\server\share /REMOVE username
Like that you can run to all shares.
more info here.
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=6353
ASKER
Can all the shares be taken from the file.I have a file with all the shares
two ways
1- you can copy all the share name in excel and do prefix "rmtshare \\server\" and suffix "/REMOVE username".copy that file as *.bat Then you can run the command for all shares.
2- VBS
----------------
Const ForReading = 1
Set objDictionary = CreateObject("Scripting.Di
Set objFSO = CreateObject("Scripting.Fi
Set objShell = WScript.CreateObject("WScr
Set objTextFile = objFSO.OpenTextFile _
("c:\Shares.txt", ForReading)
i = 0
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
objDictionary.Add i, strNextLine
i = i + 1
Loop
For Each objItem in objDictionary
StrShare = objDictionary.Item(objItem
objShell.Run "%comspec% /c rmtshare.exe \\servername\" & strShare & " /REMOVE yourusername", 1, True
Next
----------------
1- make sure your folder got rmtshare.exe.
2- repllace servername & yourusername with your values.
3- keep share names only in C:\shares.txt folder.
1- you can copy all the share name in excel and do prefix "rmtshare \\server\" and suffix "/REMOVE username".copy that file as *.bat Then you can run the command for all shares.
2- VBS
----------------
Const ForReading = 1
Set objDictionary = CreateObject("Scripting.Di
Set objFSO = CreateObject("Scripting.Fi
Set objShell = WScript.CreateObject("WScr
Set objTextFile = objFSO.OpenTextFile _
("c:\Shares.txt", ForReading)
i = 0
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
objDictionary.Add i, strNextLine
i = i + 1
Loop
For Each objItem in objDictionary
StrShare = objDictionary.Item(objItem
objShell.Run "%comspec% /c rmtshare.exe \\servername\" & strShare & " /REMOVE yourusername", 1, True
Next
----------------
1- make sure your folder got rmtshare.exe.
2- repllace servername & yourusername with your values.
3- keep share names only in C:\shares.txt folder.
ASKER
I have chanded the script as this.
Const ForReading = 1
Set objDictionary = CreateObject("Scripting.Di
Set objFSO = CreateObject("Scripting.Fi
Set objShell = WScript.CreateObject("WScr
Set objTextFile = objFSO.OpenTextFile _
("c:\Shares.txt", ForReading)
i = 0
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
objDictionary.Add i, strNextLine
i = i + 1
Loop
For Each objItem in objDictionary
StrShare = objDictionary.Item(objItem
objShell.Run "%comspec% /c rmtshare.exe \\dev-chen-mrd100\" & strShare & " /REMOVE enochj", 1, True
Next
rmtshare.exe is in the same folder.
Still enochj is not removed from the folders in the share.txt
Const ForReading = 1
Set objDictionary = CreateObject("Scripting.Di
Set objFSO = CreateObject("Scripting.Fi
Set objShell = WScript.CreateObject("WScr
Set objTextFile = objFSO.OpenTextFile _
("c:\Shares.txt", ForReading)
i = 0
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
objDictionary.Add i, strNextLine
i = i + 1
Loop
For Each objItem in objDictionary
StrShare = objDictionary.Item(objItem
objShell.Run "%comspec% /c rmtshare.exe \\dev-chen-mrd100\" & strShare & " /REMOVE enochj", 1, True
Next
rmtshare.exe is in the same folder.
Still enochj is not removed from the folders in the share.txt
run this and tell me what you get.
rmtshare \\dev-chen-mrd100\YourShar
rmtshare \\dev-chen-mrd100\YourShar
ASKER
I get this..
C:\>rmtshare \\dev-chen-mrd100\folder /REMOVE enochj
The command completed successfully.
I checked the folder but still enochj is a there.
C:\>rmtshare \\dev-chen-mrd100\folder /REMOVE enochj
The command completed successfully.
I checked the folder but still enochj is a there.
It worked for me.
is enochj is the domain user or local computer user ?
If domain user please try domainname\enochj
Please chek the syntax of that command also. that will tell you
is enochj is the domain user or local computer user ?
If domain user please try domainname\enochj
Please chek the syntax of that command also. that will tell you
in your command you are giving folder name --- C:\>rmtshare \\dev-chen-mrd100\folder /REMOVE enochj
It should be share name.
It should be share name.
ASKER
domainname\enochj it removes the user.But it is removing from the share permissions
As i asked before.
Can i have a script or tool which can remove user from all folder shares/permissions.
Need to remove enochj from the security permissions.Sorry if i got you confused...
As i asked before.
Can i have a script or tool which can remove user from all folder shares/permissions.
Need to remove enochj from the security permissions.Sorry if i got you confused...
ASKER
Any help....
you need to use Xcacls.exe only. try that for NTFS permission....
Did you try Xcacls.exe command ?
ASKER
Can you please give me the command i tried varies way but no sucess...
Tell me clearly on what you want to do ?
ASKER
There are many folders in D drive where Enochj has permissions.I want a way to scan all folders and remove Enochj from all Security permissions...
use dumpsec.exe to find the rights for Enochj.
Then say for sample you have a folder called E:\JUNK and you want to remove rights for Enochj.
Xcacls.exe E:\JUNK /T /R Enochj
Then say for sample you have a folder called E:\JUNK and you want to remove rights for Enochj.
Xcacls.exe E:\JUNK /T /R Enochj
ASKER
Where can i download xcalcs.exe?
ASKER
I got the exe from here
http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en&displaylang=en
Will check and post...
http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en&displaylang=en
Will check and post...
ASKER
I get this
C:\>Xcacls.exe c:\JUNK /T /R Enochj
Do you want to continue (Y/N)?y
processed directory: c:\Junk
ERROR: Access is denied.
I put in many users in the security permissions all other user are vanishing except enochj.Why are other users vanishing?
C:\>Xcacls.exe c:\JUNK /T /R Enochj
Do you want to continue (Y/N)?y
processed directory: c:\Junk
ERROR: Access is denied.
I put in many users in the security permissions all other user are vanishing except enochj.Why are other users vanishing?
Please use /E option as well.
Xcacls.exe c:\JUNK /T /R /E Enochj
Xcacls.exe c:\JUNK /T /R /E Enochj
ASKER
I get this.
C:\>xcacls.exe c:\JUNK /T /R /E Enochj
XCACLS filename [/T] [/E|/X] [/C] [/G user:perm;spec] [/R user [...]]
[/P user:perm;spec [...]] [/D user [...]] [/Y]
C:\>xcacls.exe c:\JUNK /T /R /E Enochj
XCACLS filename [/T] [/E|/X] [/C] [/G user:perm;spec] [/R user [...]]
[/P user:perm;spec [...]] [/D user [...]] [/Y]
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks this worked and now as i asked before.
There are many folders in D drive where Enochj has permissions.I want a way to scan all folders and remove Enochj from all Security permissions....I have the shares in the file if required.
There are many folders in D drive where Enochj has permissions.I want a way to scan all folders and remove Enochj from all Security permissions....I have the shares in the file if required.
Use dumpsec.exe to dump the permission to a file. Then you can find where ever Enochj got permission.
Then you can use xcacls.exe to all those folders.
Then you can use xcacls.exe to all those folders.
http://technet2.microsoft.com/windowsserver/en/library/e5026578-e891-4107-aa2e-9d180428055d1033.mspx?mfr=true
A possible script that can help you:
http://www.tek-tips.com/viewthread.cfm?qid=1158235&page=1