• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

How can I copy a multiple files to a folder that needs a different username password on the local machine?

I'm running a windows XP laptop in a workgroup.  The latop has 2 accounts, 1 administrator account and 1 Student account (Power User).  I would like to send the student a USB stick which contains batch/script file that copies multiple files from the USB stick to a folder under the administrators account.  I've tried to use the COPY command but I get "Access Denied" as the student does not have access to the administrators folder.  The copy command does not allow you to pass username password.

Thanks in advance!!
0
rupspan
Asked:
rupspan
  • 5
  • 4
  • 3
2 Solutions
 
snowdog01Commented:
You can use the "runas" command, which will allow you to pass both the username and password.  A word of caution that the username and password will be in plain text unless you compile the entire script into an executable.
0
 
TWAINdriverCommented:
The root reason your batch file is getting the access denied error is because your student user doesn't have sufficient NTFS permissions to write to the target folder.  So the problem isn't the batch file.

One way around this would be to modify the NTFS permissions for the target folder to grant the student user ONLY Write permissions to the folder.  Your batch file will then be able to copy files there.  Note that the student user will NOT be able to use Windows Explorer to navigate to the folder because that requires Read permissions as well.  This solution doesn't require to you put the Administrator password in the clear (exposed) in any way.

If you're running Windows XP Professional on your laptop, you need to have Simple File Sharing disabled in order to change the security settings on a folder.  Disable it by opening an Explorer window-->Tools menu-->Folder Options...-->View tab-->Use simple file sharing (recommended).  Deselect the check box.

If you have Windows XP Home edition, editing NTFS permissions is a lot more difficult.  You have to start the computer in Safe mode and logon as the Administrator.  But it will work.

I've attached a screen shot showing a user given only the Write permissions to a folder.

You edit folder permissions by right-clicking the folder in Explorer, select Properties, then the Security tab.  If you don't see the Security tab, re-read the few paragraphs above explaining what must be in place in order to edit NTFS permissions.
Benchguest-user--Write--permissi.jpg
0
 
rupspanAuthor Commented:
Thanks for the proposed solution.  I totally agree with you, the issue is that the student accounts does not have the right permissions.  Since these laptops (50 laptops in total) are 100's of miles away is it possible to script changes to permissions? Then copy the files to a folder? I need to make this simple as possible as the students are between 6 and 12 grade.

Thanks!

0
[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

 
TWAINdriverCommented:
Are the laptops in a domain or a workgroup?
0
 
rupspanAuthor Commented:
in a workgroup
0
 
TWAINdriverCommented:
Here's a command you can put into a batch file to automate the change.  To work you must:
1. Run it on each laptop
2. Run it with Administrative permissions

cacls "c:\test folder" /e /c /g "Student Username":W

"c:\test folder" - This is the path to the folder you want to give the student write permission to
/e - This modifies the security for the target folder rather than replace existing security (bad)
/c - Continues past errors
/g "Student Username":W - Replace "Student Username" with the username or groupname for the students.  The 'W' specifies you're only giving them the write permission.

cacls.exe should already be on each of the target laptops.

If you have the ability to access the laptops remotely with Administrative permissions, you can use PSEXEC.EXE (download at http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to execute the command above without having to physically be at each laptop.  The command would look like this:

psexec \\laptopname cacls "c:\test folder" /e /c /g "Student Username":W

Be sure to test this out first.  Gaining access to your laptops remotely is outside the scope of this question if you don't already have the infrastructure in place to do so.
0
 
snowdog01Commented:
You can also run the above "cacls" command with the "runas" command.  It would look something like the following.
 runas /user:mydomain\admin "cacls c:\testfolder /e /c /g StudentUsername:W"
You can pass the password by placing an "echo password |" in front of the runas command above.  The syntax is the echo command, the password, then the pipe character.
0
 
rupspanAuthor Commented:
i'm gonna test it now :)  Thanks alot!
0
 
rupspanAuthor Commented:
Hey twaindriver! the command works great!!  I JUST had to run it with the runas command like snowdog said.  The only problem I have is that I can't seem to pass the password to the runas command using ECHO.

I am using this command and get a logon failure.  If type the password in manually it works fine.

ECHO TEST | RUNAS /USER:ADMINISTRATOR "CACLS "C:\FOLDER" /E /C /G "STUDENT":W

Thanks guys!!
0
 
snowdog01Commented:
You have to place the domain name in front of the "administrator" name, i.e. mydomain\administrator.
0
 
snowdog01Commented:
0
 
rupspanAuthor Commented:
I came across this tool "lsrunas" and works great.

In the end the below command resolved my problem.

lsrunas /user:administrator /password:test /domain:Mydomain /command:"cacls "T:\Folder" /e /c /g "Student":W" /runpath:c:\

Thanks Snowdog1 and Twaindriver! They should rename your status to Genius
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now