Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1695
  • Last Modified:

Useing a Batch file to set user folder permissions

I am trying to create a batch file that will read a .txt file that lists usernames on each line in the file and create a folder for each username in the file.  This part appears to be working correctly.  I am having a fit out of gettng the appropriate permissions set on each folder.  Each folder should have the following permissions:
%domiain%\%Username%:F %domain%\Administrators:F %domain%\Teachers:F

Here is my batch file:
Set ShareFolder=D:\Usertestfolder\2012
Set Domain=SEMS
for /f %%a in (test.txt) do call :process "%%a"
goto :eof
set folder=%~1
set fullpath=%ShareFolder%\%Folder%
md "%fullpath%"
echo y|cacls "%fullpath%" /t /c /g %domain%\%folder%:F %domain%\Administrator:F SYSTEM:F %domain%Teachers:F

Here are my results:

C:\Documents and Settings\Admin\Desktop>Set ShareFolder=D:\Usertestfolder\2012

C:\Documents and Settings\Admin\Desktop>Set Domain=SEMS

C:\Documents and Settings\Admin\Desktop>for /F %a in (test.txt) do call :process

C:\Documents and Settings\Admin\Desktop>call :process "AAA_Student"

C:\Documents and Settings\Admin\Desktop>set folder=AAA_Student

C:\Documents and Settings\Admin\Desktop>set fullpath=D:\Usertestfolder\2012\AAA_

C:\Documents and Settings\Admin\Desktop>md "D:\Usertestfolder\2012\AAA_Student"

A subdirectory or file D:\Usertestfolder\2012\AAA_Student already exists.

C:\Documents and Settings\Admin\Desktop>echo y  | cacls "D:\Usertestfolder\2012\
AAA_Student" /t /c /g SEMS\AAA_Student:F SEMS\Administrator:F SYSTEM:F SEMSTeach
No mapping between account names and security IDs was done.

C:\Documents and Settings\Admin\Desktop>pause
Press any key to continue . . .

Any Help would be greatly appreciated.  BTW this is on Server 2003 OS
  • 4
  • 3
1 Solution
Change "%domain%Teachers:F" to be "%domain%\Teachers:F"
jring_3770Author Commented:
Thanks for the quick response.
I have changed "%domain%Teachers:F" to be "%domain%\Teachers:F" and I am still getting the same result.   The folders are being created however they still inherit prmissions from the parent folder instead of recieveing the permissions set by the batch file.
Are you still getting the "No mapping between account names and security IDs was done." message or just not working?

If you're still getting the message it should mean that the user doesn't exist in the domain.
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

jring_3770Author Commented:
I am still getting "No mapping between account names and security IDs was done."  message.  i have created a .txt file that contains 3 usernames copy & pasted directy from AD.  I would prefer this batch file would gather the usernames from  an OU in AD and created the folders for each user and set the permissions %domiain%\%Username%:F %domain%\Administrators:F %domain%\Teachers:F
However I am unsure as to if this is possible.
To get the names from an OU in the AD you should use vbscript, you can use it like a batch file.

I assumed the DNS name of the domain was  Might need to change this line:
strDomain  = "DC=sems,DC=com"

If this has issues just uncomment the MsgBox lines to help debug, copy and paste this into a text file, call it "CreateUserFolders.vbs", might also require additional editing:

'''Variables to set
strRootDir = "D:\Usertestfolder\2012"
strOrgUnit = "OU=Users"  'To add a sub OU just add "OU=<NAME>," in front, like - "OU=<NAME>,OU=Users"
strDomain  = "DC=sems,DC=com"
strNETBIOSDomain = "SEMS"
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'''Get all users in the OU
'MsgBox "Org Unit set to - " & "LDAP://" & strOrgUnit & "," & strDomain
Set objOU = GetObject("LDAP://" & strOrgUnit & "," & strDomain)
objOU.Filter = Array("user")
For Each objChild In objOU
        'MsgBox "User set to - " & "LDAP://" & objChild.Name & "," & strOrgUnit & "," & strDomain
        Set objUser = GetObject("LDAP://" & objChild.Name & "," & strOrgUnit & "," & strDomain)
        '''Get the log on username and the Full Name
        strAccount = objUser.Get("sAMAccountName")
        strFullName = Right(objChild.Name, Len(objChild.Name) - 3)
        '''Set the target folder name by using the log on name OR the persons First and Last name, uncomment to choose:
        '''Account Name:
        strFolderName = strRootDir & strAccount
        '''Full Name:
        'strFolderName = strRootDir & strFullName
        '''Create the user folder if it doesn't exist
        On Error Resume Next
        If Not objFSO.GetFolder(strFolderName) Then
                On Error GoTo 0
        End If
        On Error GoTo 0
        '''Assign permissions
        If objFSO.FolderExists(strFolderName) Then
                ' Assign user permissions to home folder.
                strCommand = "%COMSPEC% /c Echo Y| cacls " & Chr(34) & strFolderName & Chr(34) & " /t /c /g " & _
                        '''Users and Groups to add:
                        Chr(34) & strNETBIOSDomain & "\" & "Administrator" & Chr(34) & ":F " & _
                        Chr(34) & strNETBIOSDomain & "\" & "Teachers" & Chr(34) & ":F " & _
                        Chr(34) & strNETBIOSDomain & "\" & strAccount & Chr(34) & ":F " & _
                intRunError = objShell.Run(strCommand, 2, True)
                If intRunError <> 0 Then
                        MsgBox "Error assigning permissions for user " _
                        & strNETBIOSDomain & "\" & strAccount & " to home folder " & strFolderName
                        MsgBox strCommand
                End If
                MsgBox "Folder does not exist: " & strHomeFolder
        End If
MsgBox "Complete"

Open in new window

jring_3770Author Commented:
Thanks Popeyediceclay I'll try this and let you know how it goes.
jring_3770Author Commented:
You Are The MAN!!!  That works great!  Thanks ever so much!  You just saved me a ton of work.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now