Solved

How can I copy multiple files to a folder that needs a different username and password on the local machine?

Posted on 2008-10-23
Last Modified: 2012-05-05
I'm running a Windows XP laptop in a workgroup.  The laptop has 2 accounts, 1 administrator account and 1 Student account (Power User).  I would like to send the student a USB stick which contains a batch/script file that copies multiple files from the USB stick to a folder under the administrator's account.  I've tried to use the COPY command but I get "Access Denied" as the student does not have access to the administrator's folder.  The copy command does not allow you to pass a username and password.

Thanks in advance!!
0
Question by:rupspan
12 Comments
 
LVL 4

Expert Comment

by:snowdog01
ID: 22795705
You can use the "runas" command, which will allow you to pass both the username and password.  A word of caution that the username and password will be in plain text unless you compile the entire script into an executable.
0
 
LVL 1

Expert Comment

by:TWAINdriver
ID: 22798077
The root reason your batch file is getting the access denied error is because your student user doesn't have sufficient NTFS permissions to write to the target folder.  So the problem isn't the batch file.

One way around this would be to modify the NTFS permissions for the target folder to grant the student user ONLY Write permissions to the folder.  Your batch file will then be able to copy files there.  Note that the student user will NOT be able to use Windows Explorer to navigate to the folder because that requires Read permissions as well.  This solution doesn't require you to put the Administrator password in the clear (exposed) in any way.

If you're running Windows XP Professional on your laptop, you need to have Simple File Sharing disabled in order to change the security settings on a folder.  Disable it by opening an Explorer window-->Tools menu-->Folder Options...-->View tab-->Use simple file sharing (recommended).  Deselect the check box.

If you have Windows XP Home edition, editing NTFS permissions is a lot more difficult.  You have to start the computer in Safe mode and log on as the Administrator.  But it will work.

I've attached a screen shot showing a user given only the Write permissions to a folder.

You edit folder permissions by right-clicking the folder in Explorer, select Properties, then the Security tab.  If you don't see the Security tab, re-read the few paragraphs above explaining what must be in place in order to edit NTFS permissions.
Benchguest-user--Write--permissi.jpg
0
 
LVL 1

Author Comment

by:rupspan
ID: 22814220
Thanks for the proposed solution.  I totally agree with you, the issue is that the student account does not have the right permissions.  Since these laptops (50 laptops in total) are 100's of miles away, is it possible to script changes to permissions? Then copy the files to a folder? I need to make this as simple as possible as the students are between 6th and 12th grade.

Thanks!

0
 
LVL 1

Expert Comment

by:TWAINdriver
ID: 22814379
Are the laptops in a domain or a workgroup?
0
 
LVL 1

Author Comment

by:rupspan
ID: 22814787
in a workgroup
0
 
LVL 1

Accepted Solution

by:
TWAINdriver earned 250 total points
ID: 22824595
Here's a command you can put into a batch file to automate the change.  To work you must:
1. Run it on each laptop
2. Run it with Administrative permissions

cacls "c:\test folder" /e /c /g "Student Username":W

"c:\test folder" - This is the path to the folder you want to give the student write permission to
/e - This modifies the security for the target folder rather than replacing the existing security (bad)
/c - Continues past errors
/g "Student Username":W - Replace "Student Username" with the username or groupname for the students.  The 'W' specifies you're only giving them the write permission.

cacls.exe should already be on each of the target laptops.

If you have the ability to access the laptops remotely with Administrative permissions, you can use PSEXEC.EXE (download at http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to execute the command above without having to physically be at each laptop.  The command would look like this:

psexec \\laptopname cacls "c:\test folder" /e /c /g "Student Username":W

Be sure to test this out first.  Gaining access to your laptops remotely is outside the scope of this question if you don't already have the infrastructure in place to do so.
0

 
LVL 4

Assisted Solution

by:snowdog01
snowdog01 earned 250 total points
ID: 22824689
You can also run the above "cacls" command with the "runas" command.  It would look something like the following.
 runas /user:mydomain\admin "cacls c:\testfolder /e /c /g StudentUsername:W"
You can pass the password by placing an "echo password |" in front of the runas command above.  The syntax is the echo command, the password, then the pipe character.
0
 
LVL 1

Author Comment

by:rupspan
ID: 22824704
I'm gonna test it now :)  Thanks a lot!
0
 
LVL 1

Author Comment

by:rupspan
ID: 22825685
Hey twaindriver! The command works great!!  I JUST had to run it with the runas command like snowdog said.  The only problem I have is that I can't seem to pass the password to the runas command using ECHO.

I am using this command and get a logon failure.  If I type the password in manually it works fine.

ECHO TEST | RUNAS /USER:ADMINISTRATOR "CACLS "C:\FOLDER" /E /C /G "STUDENT":W

Thanks guys!!
0
 
LVL 4

Expert Comment

by:snowdog01
ID: 22825751
You have to place the domain name in front of the "administrator" name, i.e. mydomain\administrator.
0
 
LVL 4

Expert Comment

by:snowdog01
ID: 22826000
0
 
LVL 1

Author Comment

by:rupspan
ID: 22826848
I came across this tool "lsrunas" and it works great.

In the end the below command resolved my problem.

lsrunas /user:administrator /password:test /domain:Mydomain /command:"cacls "T:\Folder" /e /c /g "Student":W" /runpath:c:\

Thanks Snowdog1 and Twaindriver! They should rename your status to Genius
0
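
The plain-text password caution raised early in this thread applies to every command here that takes the administrator password as an argument or piped input. As an added example (not code from any poster), this Python check scans a batch file for those patterns and reports each hit with the secret redacted; the sample batch file is constructed, and its psexec line with -u/-p is an assumed variant that does not appear in the thread.

```python
import re

# Three ways a batch file can carry an administrator password in clear text:
# "echo <pw> | runas", "lsrunas /password:<pw>" (both from this thread),
# and PsExec's -p switch (assumed variant).
RULES = [
    ("echo-pipe-runas",
     re.compile(r'^\s*@?echo\s+(?P<secret>.+?)\s*\|\s*runas\b', re.I)),
    ("lsrunas-password",
     re.compile(r'\blsrunas(?:\.exe)?\b.*?/password:(?P<secret>"[^"]*"|\S+)', re.I)),
    ("psexec-password",
     re.compile(r'\bpsexec(?:\.exe)?\b.*?\s-p\s+(?P<secret>"[^"]*"|\S+)', re.I)),
]

def is_comment(line):
    """True for batch comment lines (rem ... or :: ...)."""
    s = line.strip().lower()
    return s.startswith("::") or s == "rem" or s.startswith("rem ")

def scan_script(text):
    """Return (line_number, rule_name, redacted_line) for each finding."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if is_comment(line):
            continue
        for name, pattern in RULES:
            match = pattern.search(line)
            if match:
                start, end = match.span("secret")
                redacted = line[:start] + "<REDACTED>" + line[end:]
                findings.append((number, name, redacted.strip()))
                break
    return findings

# Constructed sample batch file (not taken from a real deployment).
SAMPLE = r'''@echo off
rem echo test | runas /user:administrator "cmd"
cacls "c:\test folder" /e /c /g "Student Username":W
echo test | runas /user:mydomain\admin "cacls c:\testfolder /e /c /g StudentUsername:W"
lsrunas /user:administrator /password:test /domain:Mydomain /command:"cacls T:\Folder /e /c /g Student:W" /runpath:c:\
psexec \\laptopname -u administrator -p test cacls "c:\test folder" /e /c /g "Student Username":W
xcopy /y "%~dp0files\*" "c:\test folder\"
'''

if __name__ == "__main__":
    for number, name, redacted in scan_script(SAMPLE):
        print(f"line {number}: {name}: {redacted}")
```

The plain cacls grant and the xcopy line produce no findings, which is the shape a script on the student's USB stick should have once the write permission has been granted separately.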
