chizzle637 asked:

logon script

I have a logon script that maps users' home folders. I tried to use the below script to change the permissions. I was wondering if anyone had one without so much user interaction, that could run in the background.
'INTRO
'I'M NOT YELLING, I FIND THE CAPS MAKE IT EASIER TO PICK THE COMMENTS OUT OF THE GIBBERISH.
'YOU MAY DO ANYTHING YOU WANT WITH THIS SCRIPT. SELL IT, CHANGE IT, STEAL IT, WHATEVER, I DON'T CARE.
 
'OVERVIEW
'WHAT THE DAMN THING DOES...
'RESETS THE SECURITY ON A COLLECTION OF HOME FOLDERS BY
'ASSIGNING ALLOW FULL CONTROL TO ADMINISTRATORS
'AND ALLOW MODIFY TO THE ACCOUNT WHOSE HOME FOLDER IT IS.
'YES, WHEN YOU CREATE HOME FOLDERS VIA AD THEY SHOULD BE
'SECURED CORRECTLY HOWEVER THE LAST NETWORK I ENCOUNTERED HAD
'2,000+ HOME FOLDERS SET TO EVERYONE, ALLOW FULL CONTROL
'(HENCE THE REASON FOR THIS SCRIPT).
'THIS SCRIPT REQUIRES THAT SOME PORTION OF THE HOME FOLDER NAMES
'CONTAIN THEIR ASSOCIATED ACCOUNT NAME. FOR EXAMPLE:
'$$JOHNH OR JOHNH$$$ OR EVEN #T^JOHNH!?%*.
'WHATEVER THE HOME FOLDER NAMING CONVENTION,
'HOPEFULLY IT'S BEEN USED CONSISTENTLY.
 
'QUICK STEP BY STEP
'-NOTIFIES YOU THAT XCACLS.VBS IS REQUIRED
'-OPTION TO DOWNLOAD XCACLS.VBS FROM MS, CONTINUE, OR CANCEL
'-SPECIFY THE PARENT DIRECTORY CONTAINING XCACLS.VBS
'-SPECIFY THE PARENT DIRECTORY CONTAINING YOUR HOME FOLDERS (PLEASE MAP A DRIVE IF NOT LOCAL)
'-SPECIFY THE DOWNLEVEL DOMAIN NAME THESE ACCOUNTS ARE IN
'-SPECIFY HOW MANY (IF ANY) CHARACTERS IN THE FOLDER NAME TO IGNORE STARTING ON THE LEFT
'-EXAMPLE: IF NAMED $$JOHNH YOU WOULD SKIP 2 CHARACTERS
'-SPECIFY HOW MANY (IF ANY) CHARACTERS IN THE FOLDER NAME TO IGNORE FROM THE RIGHT
'-EXAMPLE: IF NAMED JOHNH$%*$ YOU WOULD SPECIFY 4 CHARACTERS
'-WARNS YOU TO CLOSE ANY OPEN WINDOWS - THIS IS QUITE IMPORTANT
'-NOTE THAT OUTPUT LOGS TO c:\xcacls.txt
'-750,000 FILES WILL GIVE YOU A 50 MEG LOG EASY
'-AWAY IT GOES
 
'-OH YEAH AND...
'WORKS ON XP OR 2003, WOULD NEED CHANGES TO WORK ON 2000 (BUT CAN BE RUN FROM
'AN XP WORKSTATION) AGAINST A NETWORK SHARE SO SHOULDN'T BE AN ISSUE.
'INHERITANCE IS REMOVED
'DEFAULT SECURITY GIVES THE USER FULL CONTROL OF THEIR HOME FOLDER BUT
'THIS SCRIPT GIVES THEM MODIFY INSTEAD BECAUSE I DON'T PARTICULARLY WANT THEM
'TO BE ABLE TO CHANGE PERMISSIONS OR DELETE THEIR HOME FOLDER.
'YOU CAN CHANGE THIS IN THE SCRIPT (TOWARDS THE BOTTOM, WHEN XCACLS.VBS IS CALLED).
'IF ANYTHING IN THIS SCRIPT IS WEIRD OR CONFUSING IT'S PROBABLY ME NOT YOU.
'I HAVE NO FORMAL PROGRAMMING KNOWLEDGE SO THIS IS ME FIGURING IT OUT - 
'NOTHING IN HERE SHOULD BE TAKEN AS 'THE RIGHT WAY' TO DO SOMETHING.
'QUESTIONS ARE ALWAYS WELCOME - NICK.STAFF@COMCAST.NET
 
on error resume next
 
Const MY_COMPUTER = &H11&
Const SYSTEM32 = &H25&
Const WINDOW_HANDLE = 0
Const NO_OPTIONS = 0
Const FILES_YES = &H4000&
 
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Shell.Application")
strComputer = "."
 
'INFORM THE USER THEY NEED XCACLS.VBS AND GIVE THEM THE OPTION TO DOWNLOAD IT
 
xcacQuest = "This script requires xcacls.vbs from Microsoft. If you need to download it click yes. If you don't, click no. And if you feel safer getting the file from Microsoft yourself click cancel and rerun this script after you have."
xcacTitle = "Home Groan - Got xcacls?"
HomeGTitle = "Home Groan"
HomeGDomTitle = "Home Groan - Downlevel Domain"
 
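'vbDefaultButton6 IS NOT A VBSCRIPT CONSTANT (IT EVALUATED TO 0); vbDefaultButton1 IS THE SAME VALUE
xcacChoice = msgbox(xcacQuest, vbQuestion + vbYesNoCancel + vbDefaultButton1, xcacTitle)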
 
xcacLoc = "http://download.microsoft.com/download/f/7/8/f786aaf3-a37b-45ab-b0a2-8c8c18bbf483/XCacls_Installer.exe"
 
'IF THEY WANT US TO DOWNLOAD IT FOR THEM WE WILL PAUSE THE SCRIPT
'WE PAUSE BY CREATING A LOOP THAT WAITS FOR THE XCACLS INSTALLER PROCESS TO TERMINATE
 
IF xcacChoice = 6 then
 
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredProcesses = objWMIService. _
ExecNotificationQuery("select * from __instancedeletionevent " _ 
& "within 1 where TargetInstance isa 'Win32_Process'")
 
xcacDLWait = msgbox ("When the download finishes run XCacls_Installer.exe which will extract xcacls.vbs to the directory of your choice. This script should automatically continue when the xcacls_installer exits.", vbokonly, xcactitle)
 
'BELOW WE LAUNCH AN IE PROCESS TO BEGIN THE FILE DOWNLOAD
 
set ie = CreateObject("InternetExplorer.Application")
ie.visible = true
ie.navigate xcacLoc
 
i = 0
 
'THE NEXT LINE IS WHERE WE SPECIFY THE PROCESS TO MONITOR FOR TERMINATION
 
Do While i <> "XCacls_Installer.exe"
Set objLatestProcess = colMonitoredProcesses.NextEvent
i = objLatestProcess.TargetInstance.Name
loop
 
ELSEIF xcacChoice = vbcancel then
 
xcacCancel = msgbox ("You can download xcacls.vbs by searching for it at http://www.microsoft.com/downloads", vbokonly, xcactitle)
wscript.quit()
 
END IF
 
'GET THE PATH OF THE SYSTEM32 FOLDER so we can launch cscript
'JUST IN CASE THE PATH SYSTEM VARIABLE IS HORRIBLY WRONG
'OR BECAUSE WE'RE OBSESSIVE COMPULSIVE AND CAN'T LEAVE IT ALONE
 
Set objSYSDR = objShell.Namespace(SYSTEM32)
Set objSYSDRItem = objsysDR.Self
Sys32 = objsysDRItem.Path
 
'GET THE PATH - ERR CLSID OF MY COMPUTER SO IT CAN BE USED AS THE ROOT
'WHEN WE BROWSE FOR FILES/FOLDERS
 
Set objMyComp = objShell.Namespace(MY_COMPUTER)
Set objMyCompItem = objMyComp.Self
BrowseRoot = objMyCompItem.Path
 
'OPEN BROWSE WINDOW SO USER CAN SPECIFY LOCATION OF XCACLS.VBS
'APPEND THE LOCATION WITH \XCACLS.VBS AND SET IT TO A VARIABLE
 
Do Until objFSO.FileExists(xcacls)
 
Set xcaclspath = objShell.BrowseForFolder _
(WINDOW_HANDLE, "Select the location of the xcacls.vbs file:", NO_OPTIONS, BrowseRoot) 
 
'BROWSEFORFOLDER RETURNS NOTHING WHEN THE USER CANCELS
IF xcaclspath Is Nothing then
wscript.quit()
END IF
 
Set xcaclspathItem = xcaclspath.Self
xcaclsPath = xcaclspathItem.Path
 
xcacls = xcaclspath & "\xcacls.vbs"
 
If not objFSO.FileExists(xcacls) then
 
oUserError = Msgbox ("xcacls.vbs does not exist in the folder you specified. Please verify its location and select the appropriate folder.", vbExclamation + vbokonly, HomeGTitle)
end if
loop
 
'OPEN BROWSE WINDOW SO USER CAN SPECIFY LOCATION OF HOME FOLDERS (PARENT DIRECTORY)
 
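Set objpath = objShell.BrowseForFolder _
(WINDOW_HANDLE, "Select the drive or folder containing the Home Directories to secure:", NO_OPTIONS, BrowseRoot)
'QUIT IF THE USER CANCELS THE DIALOG INSTEAD OF RUNNING ON WITH NO FOLDER
IF objpath Is Nothing then
wscript.quit()
END IF
Set objpathItem = objpath.Self
objPath = objpathItem.Path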
 
'PROMPT USER FOR THE DOWNLEVEL DOMAIN NAME
 
do until thisdom <> empty
ThisDom = Inputbox("Type the downlevel name of the domain the accounts associated with these home folders are in (ie no .com)", HomeGDomTitle)
 
IF (ThisDom = empty) then
 
oUserError = Msgbox ("The domain name is required and can not be blank. Script will now exit.", vbExclamation + vbokonly, HomeGTitle)
wscript.quit()
End IF
loop
 
'PROMPT USER FOR NUMBER OF CHARACTERS TO IGNORE FROM THE LEFT
 
iCHleft = Inputbox("In determining the account name, how many (if any) characters should be cropped from the left of the folder name? For example if your naming convention is $$username then enter 2 here. If the folder names begin with the account names enter 0.", HomeGTitle)
 
IF (iCHleft = empty) then
lUserError = Msgbox ("Script will now exit. If you meant to specify not to skip any characters, run the script again and enter 0 next time", vbInformation + vbokonly, HomeGTitle)
wscript.quit()
END IF
 
'PROMPT USER FOR NUMBER OF CHARACTERS TO IGNORE FROM THE RIGHT
 
iCHright = Inputbox("In determining the account name, how many (if any) characters should be cropped from the right of the folder name? For example if your naming convention is username$$ then enter 2 here. If the folder names end with the account names enter 0.", HomeGTitle)
 
IF (iCHright = empty) then
rUserError = Msgbox ("Script will now exit. If you meant to specify not to skip any characters, run the script again and enter 0 next time", vbInformation + vbokonly, HomeGTitle)
wscript.quit()
END IF
 
'CREATE A COLLECTION OF ALL SUB FOLDERS IN THE DIRECTORY SPECIFIED BY USER
 
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSubfolders = objWMIService.ExecQuery _
("Associators of {Win32_Directory.Name='" & objPath & "'} " _
& "Where AssocClass = Win32_Subdirectory " _
& "ResultRole = PartComponent")
 
 
'SINCE WE USE APPACTIVATE TO TIGHTEN PERFORMANCE IT IS VERY IMPORTANT TO HAVE NO OTHER WINDOWS OPEN WHEN THIS RUNS
'THIS IS WHERE WE TELL THE USER THAT
 
xcacDLWait = msgbox ("Please make sure all other windows are closed - especially any folders you have open. This is very important if you'd like this to work. Please click ok when that's done and you're ready to continue.", vbInformation + vbokonly, xcactitle)
 
'HERE IS WHERE WE CHANGE FOLDER PERMISSIONS
'EVERYTHING BETWEEN THE FOR AND THE NEXT STATEMENT_
'WILL BE RUN ON EACH FOLDER IN THE COLLECTION ABOVE
 
For Each objFolder in colSubfolders
 
Set objFolders = objFSO.GetFolder(objFolder.name)
 
    FID = objFolders.name
    HomeFolder = objFolder.name
 
'WE ARE PARSING EACH FOLDER NAME TO FIND ITS
'ASSOCIATED USER ACCOUNT. WE MUST ALSO IGNORE
'THE NUMBER OF CHARACTERS SPECIFIED BY USER (IF ANY)
 
'*******************************************
'THANKS TO Kenneth Bryant (kbryant@checksinthemail.com) AND
'Richard Stephen Reese (rsreese@ifas.ufl.edu)
'FOR HELPING TO RESOLVE AN ERROR IN THIS NEXT SECTION
'*******************************************
 
If iCHright > 0 Then
 
    uidR = RTrim(Left(FID,Len(FID)-iCHright))
cRightnum = 1
END IF
 
IF cRightnum = 1 then
 
    UID = LTrim(Right(uidR,Len(uIDR)-iCHleft))
 
ELSE
 
    UID = LTrim(Right(FID,Len(FID)-iCHleft))
 
END IF
 
'THIS IS THE COMMAND THAT RUNS THE XCACLS.VBS SCRIPT.
'THIS IS WHERE YOU CAN CHANGE WHAT PERMISSIONS ARE SET
'AND WHAT GROUPS THEY'RE SET FOR
'NOTE THAT OUTPUT LOGS TO c:\xcacls.txt
'750,000 FILES WILL GIVE YOU A 50 MEG LOG EASY
 
WSHShell.run ("""" & sys32 & "\cscript.exe"" """ & xcacls & """ """ & homefolder & """ /f /s /t /g administrators:F /g " & ThisDom & "\" & UID & ":M /I remove /l c:\xcacls.txt /Q")
 
    wscript.sleep 200
WshShell.AppActivate "C:\"
 
Do while WshShell.AppActivate("C:\") = TRUE
    wscript.sleep 200
loop
 
'THIS IS THE LAST LINE
 
Next
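
The account-name parsing and xcacls.vbs call above, with the prompts replaced by command-line switches so it can run unattended (an added example, not part of the original post or the original author's script). The /root, /domain, /xcacls, /left and /right switches, the c:\homeacl.txt log and the name allow-list are assumptions of this example; it also skips any folder whose derived name does not resolve to an account in the domain.

```vbscript
' Added example: unattended variant. Script name, paths and CORP are placeholders.
'   cscript //nologo sethome.vbs /root:D:\Home /domain:CORP /xcacls:C:\Tools\xcacls.vbs /left:2 /right:0
Option Explicit
Dim named, fso, sh, root, dom, xcacls, nLeft, nRight, cscript, outLog, f, fid, uid, rc
Set named = WScript.Arguments.Named
Set fso = CreateObject("Scripting.FileSystemObject")
Set sh = CreateObject("WScript.Shell")
root = "" & named("root") : dom = "" & named("domain") : xcacls = "" & named("xcacls")
nLeft = 0 : nRight = 0
If named.Exists("left") Then nLeft = CLng(named("left"))
If named.Exists("right") Then nRight = CLng(named("right"))
If Not (fso.FolderExists(root) And fso.FileExists(xcacls) And IsSafeName(dom)) Then
    WScript.Echo "Usage: /root:<dir> /domain:<name> /xcacls:<path to xcacls.vbs> [/left:n] [/right:n]"
    WScript.Quit 2
End If
cscript = sh.ExpandEnvironmentStrings("%SystemRoot%\System32\cscript.exe")
Set outLog = fso.OpenTextFile("c:\homeacl.txt", 8, True)   ' 8 = append, True = create

For Each f In fso.GetFolder(root).SubFolders
    fid = f.Name : uid = ""
    If Len(fid) > nLeft + nRight Then uid = Trim(Mid(fid, nLeft + 1, Len(fid) - nLeft - nRight))
    If Not IsSafeName(uid) Then
        outLog.WriteLine "SKIP " & f.Path & " (no usable account name in folder name)"
    ElseIf Not AccountExists(dom, uid) Then
        outLog.WriteLine "SKIP " & f.Path & " (account " & dom & "\" & uid & " not found)"
    Else
        ' Same xcacls.vbs switches as the original script; 0 = hidden window, True = wait
        rc = sh.Run("""" & cscript & """ //nologo """ & xcacls & """ """ & f.Path & _
             """ /f /s /t /g administrators:F /g " & dom & "\" & uid & _
             ":M /I remove /l c:\xcacls.txt /Q", 0, True)
        outLog.WriteLine "DONE " & f.Path & " -> " & dom & "\" & uid & " (exit " & rc & ")"
    End If
Next
outLog.Close

' Allow-list for names placed on the command line (an assumption; widen if needed)
Function IsSafeName(s)
    Dim re : Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeName = re.Test(s & "")
End Function

' True only if the WinNT provider can bind to the user object
Function AccountExists(domain, user)
    Dim o
    On Error Resume Next
    Set o = GetObject("WinNT://" & domain & "/" & user & ",user")
    AccountExists = (Err.Number = 0)
End Function
```

It needs the same rights over the home folders as the original, so run it from an administrator's scheduled task rather than from the users' logon script.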

ASKER CERTIFIED SOLUTION
Don
chizzle637 (ASKER)

Have you used this in your network?
And chown is a Linux command.
Can't wait to see that exe.
Going to run a test with that script.
Thanks for your help, I'll let you know how it turns out.
Yes I have, Good luck