Solved

Converting command line syntax to VBScript for NTFS permissions

Posted on 2008-06-09
6
822 Views
Last Modified: 2011-10-19
Thanks to this forum, I now have the working syntax to uncheck the "inherit permissions from parent folder" with VBScript syntax:

Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.run "cscript c:\winnt\xcacls.vbs \\oak\users$\TEST /I remove /q /L c:\xlog.txt",10,true

I now need to incorporate this into the Createusers.vbs script. The relevant section is below:

If objFSO.FolderExists(strHomeFolder) Then
                     ' Assign user permission to home folder.
                    intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " _
                    & strHomeFolder & " /T /E /C /G " & strNetBIOSDomain _
                    & "\" & strNTName & ":C", 2, True)
                    If intRunError <> 0 Then
                        Wscript.Echo "Error assigning permissions for user " _
                        & strNTName & " to home folder " & strHomeFolder
                    End If
                End If
I believe I should put the code to "uncheck the inherit box" as the first line and then alter
this to assign permissions in accordance with our current network policy which are:
administrators (local) F
SYSTEM: F
<strNTName>: M

How would I alter that seciton of code to:
1) use the variables to uncheck the "inherit" box
2) use variables to then assign the necessary permissionis

I have googled this to death and tried various combinations but due to a lack of
background in VBScript, am not yet fluent with the basics. Any assistance is
greatly appreciated as this is the final step to automating user account creation.
Attached is the entire Createusers.vbs that works up to this point.

Thanks.
Createusers.txt
0
Comment
Question by:bstillion
  • 4
  • 2
6 Comments
 

Author Comment

by:bstillion
ID: 21751363
I must have "breached etiquette" here.

My guess is that the point total is too low to be attractive.

Other possible reasons no one has replied:
The answer is too obvious
Can anyone comment on what I can improve in future questions?
Thanks in advance.

Brad
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 250 total points
ID: 21755841
Hi, I wouldn't say you've breached any etiquette.....sometimes though (from my experience), if a question looks too involved, experts will feel that they do not have enough time to volunteer their services to a question, and so do not want to cause the author to take a long amount of time to find a solution....

Other experts may feel that it's beyond their knowledge....

Anyway, I've taken a look at your code, and you have pointed out the relevant section, being:

                If objFSO.FolderExists(strHomeFolder) Then
                     ' Assign user permission to home folder.
                    intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " _
                    & strHomeFolder & " /T /E /C /G " & strNetBIOSDomain _
                    & "\" & strNTName & ":C", 2, True)
                    If intRunError <> 0 Then
                        Wscript.Echo "Error assigning permissions for user " _
                        & strNTName & " to home folder " & strHomeFolder
                    End If
                End If


Now, with the new line of code that you have provided, that section should now look like this:

                If objFSO.FolderExists(strHomeFolder) Then
                     ' This is your new line of code
                     objShell.run "cscript c:\winnt\xcacls.vbs " & strHomeFolder & " /I remove /q /L c:\xlog.txt",10,true
                     ' Assign user permission to home folder.
                    intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " _
                    & strHomeFolder & " /T /E /C /G " & strNetBIOSDomain _
                    & "\" & strNTName & ":C", 2, True)
                    If intRunError <> 0 Then
                        Wscript.Echo "Error assigning permissions for user " _
                        & strNTName & " to home folder " & strHomeFolder
                    End If
                End If


where I've included the variable of the home folder (from the Excel spreadsheet) into your command.

The necessary permissions are then hopefully applied by the original code as well.

The one thing you might have to watch out for here is the location of the XCacls.vbs file you're using. This might not always be the same on all systems.

You could add a bit to the code to copy the file to that locatoin before running it, so you can be sure it's there......

Regards,

Rob.
0
 

Author Comment

by:bstillion
ID: 21758831
Rob,
Thanks for the explanation.
I can certainly simplify my questions (which helps me as well.)

I will work with your suggestions now.

Thanks you also for your help.
Brad
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:bstillion
ID: 21759538
Rob,
Here's the vbscript syntax that worked for me to uncheck the "inherit permissions from parent folder":

If objFSO.FolderExists(strHomeFolder) Then
                set objWsh = CreateObject("Wscript.Shell")
                objWsh.run "c:\WINNT\xcacls.vbs \\oak\Users$\" & strNTName & " /I remove"
                End If

strHomeFolder is designated in an excel spreadsheet and pulled into this larger script
which is free from the Win200X server resource kit called Createusers.vbs script

\\oak\users$ is the server and folder where all user home folders reside
xcacls.vbs (available free from Microsoft) is needed to "uncheck" the box-cacls cannot do it.

Thanks again for your help
Brad
0
 

Author Closing Comment

by:bstillion
ID: 31465551
Rob,
Thanks for the help. I tweaked and posted my final working syntax but your help was very useful.
Brad
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 21764987
Great work Brad, thanks for the info....and the grade.

Regards,

Rob.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question