Solved

How can I copy a multiple files to a folder that needs a different username password on the local machine?

Posted on 2008-10-23
12
341 Views
Last Modified: 2012-05-05
I'm running a windows XP laptop in a workgroup.  The latop has 2 accounts, 1 administrator account and 1 Student account (Power User).  I would like to send the student a USB stick which contains batch/script file that copies multiple files from the USB stick to a folder under the administrators account.  I've tried to use the COPY command but I get "Access Denied" as the student does not have access to the administrators folder.  The copy command does not allow you to pass username password.

Thanks in advance!!
0
Comment
Question by:rupspan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
12 Comments
 
LVL 4

Expert Comment

by:snowdog01
ID: 22795705
You can use the "runas" command, which will allow you to pass both the username and password.  A word of caution that the username and password will be in plain text unless you compile the entire script into an executable.
0
 
LVL 1

Expert Comment

by:TWAINdriver
ID: 22798077
The root reason your batch file is getting the access denied error is because your student user doesn't have sufficient NTFS permissions to write to the target folder.  So the problem isn't the batch file.

One way around this would be to modify the NTFS permissions for the target folder to grant the student user ONLY Write permissions to the folder.  Your batch file will then be able to copy files there.  Note that the student user will NOT be able to use Windows Explorer to navigate to the folder because that requires Read permissions as well.  This solution doesn't require to you put the Administrator password in the clear (exposed) in any way.

If you're running Windows XP Professional on your laptop, you need to have Simple File Sharing disabled in order to change the security settings on a folder.  Disable it by opening an Explorer window-->Tools menu-->Folder Options...-->View tab-->Use simple file sharing (recommended).  Deselect the check box.

If you have Windows XP Home edition, editing NTFS permissions is a lot more difficult.  You have to start the computer in Safe mode and logon as the Administrator.  But it will work.

I've attached a screen shot showing a user given only the Write permissions to a folder.

You edit folder permissions by right-clicking the folder in Explorer, select Properties, then the Security tab.  If you don't see the Security tab, re-read the few paragraphs above explaining what must be in place in order to edit NTFS permissions.
Benchguest-user--Write--permissi.jpg
0
 
LVL 1

Author Comment

by:rupspan
ID: 22814220
Thanks for the proposed solution.  I totally agree with you, the issue is that the student accounts does not have the right permissions.  Since these laptops (50 laptops in total) are 100's of miles away is it possible to script changes to permissions? Then copy the files to a folder? I need to make this simple as possible as the students are between 6 and 12 grade.

Thanks!

0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 1

Expert Comment

by:TWAINdriver
ID: 22814379
Are the laptops in a domain or a workgroup?
0
 
LVL 1

Author Comment

by:rupspan
ID: 22814787
in a workgroup
0
 
LVL 1

Accepted Solution

by:
TWAINdriver earned 250 total points
ID: 22824595
Here's a command you can put into a batch file to automate the change.  To work you must:
1. Run it on each laptop
2. Run it with Administrative permissions

cacls "c:\test folder" /e /c /g "Student Username":W

"c:\test folder" - This is the path to the folder you want to give the student write permission to
/e - This modifies the security for the target folder rather than replace existing security (bad)
/c - Continues past errors
/g "Student Username":W - Replace "Student Username" with the username or groupname for the students.  The 'W' specifies you're only giving them the write permission.

cacls.exe should already be on each of the target laptops.

If you have the ability to access the laptops remotely with Administrative permissions, you can use PSEXEC.EXE (download at http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to execute the command above without having to physically be at each laptop.  The command would look like this:

psexec \\laptopname cacls "c:\test folder" /e /c /g "Student Username":W

Be sure to test this out first.  Gaining access to your laptops remotely is outside the scope of this question if you don't already have the infrastructure in place to do so.
0
 
LVL 4

Assisted Solution

by:snowdog01
snowdog01 earned 250 total points
ID: 22824689
You can also run the above "cacls" command with the "runas" command.  It would look something like the following.
 runas /user:mydomain\admin "cacls c:\testfolder /e /c /g StudentUsername:W"
You can pass the password by placing an "echo password |" in front of the runas command above.  The syntax is the echo command, the password, then the pipe character.
0
 
LVL 1

Author Comment

by:rupspan
ID: 22824704
i'm gonna test it now :)  Thanks alot!
0
 
LVL 1

Author Comment

by:rupspan
ID: 22825685
Hey twaindriver! the command works great!!  I JUST had to run it with the runas command like snowdog said.  The only problem I have is that I can't seem to pass the password to the runas command using ECHO.

I am using this command and get a logon failure.  If type the password in manually it works fine.

ECHO TEST | RUNAS /USER:ADMINISTRATOR "CACLS "C:\FOLDER" /E /C /G "STUDENT":W

Thanks guys!!
0
 
LVL 4

Expert Comment

by:snowdog01
ID: 22825751
You have to place the domain name in front of the "administrator" name, i.e. mydomain\administrator.
0
 
LVL 4

Expert Comment

by:snowdog01
ID: 22826000
0
 
LVL 1

Author Comment

by:rupspan
ID: 22826848
I came across this tool "lsrunas" and works great.

In the end the below command resolved my problem.

lsrunas /user:administrator /password:test /domain:Mydomain /command:"cacls "T:\Folder" /e /c /g "Student":W" /runpath:c:\

Thanks Snowdog1 and Twaindriver! They should rename your status to Genius
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
When you receive another warning that your shared drive is almost full and you have asked your users to clean out old files again and again, here is a single command that may help. This command will place all the files that have not been used rec…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question