Solved

How can I copy a multiple files to a folder that needs a different username password on the local machine?

Posted on 2008-10-23
12
340 Views
Last Modified: 2012-05-05
I'm running a windows XP laptop in a workgroup.  The latop has 2 accounts, 1 administrator account and 1 Student account (Power User).  I would like to send the student a USB stick which contains batch/script file that copies multiple files from the USB stick to a folder under the administrators account.  I've tried to use the COPY command but I get "Access Denied" as the student does not have access to the administrators folder.  The copy command does not allow you to pass username password.

Thanks in advance!!
0
Comment
Question by:rupspan
  • 5
  • 4
  • 3
12 Comments
 
LVL 4

Expert Comment

by:snowdog01
ID: 22795705
You can use the "runas" command, which will allow you to pass both the username and password.  A word of caution that the username and password will be in plain text unless you compile the entire script into an executable.
0
 
LVL 1

Expert Comment

by:TWAINdriver
ID: 22798077
The root reason your batch file is getting the access denied error is because your student user doesn't have sufficient NTFS permissions to write to the target folder.  So the problem isn't the batch file.

One way around this would be to modify the NTFS permissions for the target folder to grant the student user ONLY Write permissions to the folder.  Your batch file will then be able to copy files there.  Note that the student user will NOT be able to use Windows Explorer to navigate to the folder because that requires Read permissions as well.  This solution doesn't require to you put the Administrator password in the clear (exposed) in any way.

If you're running Windows XP Professional on your laptop, you need to have Simple File Sharing disabled in order to change the security settings on a folder.  Disable it by opening an Explorer window-->Tools menu-->Folder Options...-->View tab-->Use simple file sharing (recommended).  Deselect the check box.

If you have Windows XP Home edition, editing NTFS permissions is a lot more difficult.  You have to start the computer in Safe mode and logon as the Administrator.  But it will work.

I've attached a screen shot showing a user given only the Write permissions to a folder.

You edit folder permissions by right-clicking the folder in Explorer, select Properties, then the Security tab.  If you don't see the Security tab, re-read the few paragraphs above explaining what must be in place in order to edit NTFS permissions.
Benchguest-user--Write--permissi.jpg
0
 
LVL 1

Author Comment

by:rupspan
ID: 22814220
Thanks for the proposed solution.  I totally agree with you, the issue is that the student accounts does not have the right permissions.  Since these laptops (50 laptops in total) are 100's of miles away is it possible to script changes to permissions? Then copy the files to a folder? I need to make this simple as possible as the students are between 6 and 12 grade.

Thanks!

0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 1

Expert Comment

by:TWAINdriver
ID: 22814379
Are the laptops in a domain or a workgroup?
0
 
LVL 1

Author Comment

by:rupspan
ID: 22814787
in a workgroup
0
 
LVL 1

Accepted Solution

by:
TWAINdriver earned 250 total points
ID: 22824595
Here's a command you can put into a batch file to automate the change.  To work you must:
1. Run it on each laptop
2. Run it with Administrative permissions

cacls "c:\test folder" /e /c /g "Student Username":W

"c:\test folder" - This is the path to the folder you want to give the student write permission to
/e - This modifies the security for the target folder rather than replace existing security (bad)
/c - Continues past errors
/g "Student Username":W - Replace "Student Username" with the username or groupname for the students.  The 'W' specifies you're only giving them the write permission.

cacls.exe should already be on each of the target laptops.

If you have the ability to access the laptops remotely with Administrative permissions, you can use PSEXEC.EXE (download at http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to execute the command above without having to physically be at each laptop.  The command would look like this:

psexec \\laptopname cacls "c:\test folder" /e /c /g "Student Username":W

Be sure to test this out first.  Gaining access to your laptops remotely is outside the scope of this question if you don't already have the infrastructure in place to do so.
0
 
LVL 4

Assisted Solution

by:snowdog01
snowdog01 earned 250 total points
ID: 22824689
You can also run the above "cacls" command with the "runas" command.  It would look something like the following.
 runas /user:mydomain\admin "cacls c:\testfolder /e /c /g StudentUsername:W"
You can pass the password by placing an "echo password |" in front of the runas command above.  The syntax is the echo command, the password, then the pipe character.
0
 
LVL 1

Author Comment

by:rupspan
ID: 22824704
i'm gonna test it now :)  Thanks alot!
0
 
LVL 1

Author Comment

by:rupspan
ID: 22825685
Hey twaindriver! the command works great!!  I JUST had to run it with the runas command like snowdog said.  The only problem I have is that I can't seem to pass the password to the runas command using ECHO.

I am using this command and get a logon failure.  If type the password in manually it works fine.

ECHO TEST | RUNAS /USER:ADMINISTRATOR "CACLS "C:\FOLDER" /E /C /G "STUDENT":W

Thanks guys!!
0
 
LVL 4

Expert Comment

by:snowdog01
ID: 22825751
You have to place the domain name in front of the "administrator" name, i.e. mydomain\administrator.
0
 
LVL 4

Expert Comment

by:snowdog01
ID: 22826000
0
 
LVL 1

Author Comment

by:rupspan
ID: 22826848
I came across this tool "lsrunas" and works great.

In the end the below command resolved my problem.

lsrunas /user:administrator /password:test /domain:Mydomain /command:"cacls "T:\Folder" /e /c /g "Student":W" /runpath:c:\

Thanks Snowdog1 and Twaindriver! They should rename your status to Genius
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to use wail2ban ?? 13 164
Adding automation to a search and and replace a character in a text file. 5 52
Date variable in batch file 2 47
Coding yesterday's date 3 38
You may have already been in the need to update a whole folder stucture using a script. Robocopy does it well and even provides a list of non-updated files in a log (if asked to). Generally those files that were locked by a user or a process by the …
Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question