Windows 2008 - Permissions on Folder are incorrectly ordered

I am currently having an issue with CACL permissions in Windows 2008 Enterprise Server. I have a vbscript that run nightly to populate/create department folder on a SAN File cluster. The department folders are based on the department OU's in Active Directory. The department folders and permissions on the root department folders are created with no issues.
The issue that arises is with the sub-folders within the root department folders. Anytime a subfolder is created and a user goes to properties, and the security tab the following error appears: "The permissions on "folder name" are incorrectly ordered, which may cause some entries to be ineffective." As a reminder, this error only occurs on the sub-folders not the root department folders.
I do not believe there is an issue with the script. I realize that there is a known bug with incorrectly ordered permissions, but I can only find information on Windows 2000, and XP.
I need to know if there is a patch to resolve this issue for Windows 2008.

Thanks,
PulsarSolutions
VBScript code: 
(CACLS Section Only)
 
'========================================================================================
 
Function Permissions()
'Department group name with no spaces between the Department name & group
strFolderGroup = strFolder & "Group"
strFolderGroup = Replace(strFolderGroup,"_"," ")
 
'Department group name with a space between the department name & group
'strFolderGroup2 = strText & " Group"
strFolderGroup2 = strFolder & " Group"
strFolderGroup2 = Replace(strFolderGroup2,"_"," ")
 
Set objShell   = CreateObject("Wscript.Shell")
Set object2FSO = CreateObject("Scripting.FileSystemObject")
 
If object2FSO.FolderExists(strFolderPath) Then
	intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls "	&	_
	"""" & strFolderPath & """"	&	_
	" /e /t /c /g """ & strFolderGroup & """:F", 2, True)
 
	If intRunError <> 0 Then
	    'If error applying strFolderGroup group permissions to department folder
	    'Attempt to apply strFolderGroup2 group permission to department folder
	    If object2FSO.FolderExists(strFolderPath) Then
			intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls "	&	_
			"""" & strFolderPath & """"	&	_
			" /e /t /c /g """ & strFolderGroup2 & """:F", 2, True)
			
				'If unable to apply strFolderGroup & strFolderGroup2 then log an error message
				If intRunError <> 0 Then
					WScript.Echo "Error assigning permissions for: " & strFolderGroup1 & strFolderGroup2
					objLogFile.WriteLine "Error assigning permissions for: " & strFolderGroup1 & strFolderGroup2
				Else
				   	'Log strFolderGroup2 was successfully applied
				   	WScript.Echo strFolderGroup2 & " permissions applied successfully"
				    objLogFile.WriteLine strFolderGroup2 & " permissions applied successfully"
				End If
							
         End If
	Else
			'Log strFolderGroup was successfully applied
			WScript.Echo strFolderGroup & " permissions applied successfully"
			objLogFile.WriteLine strFolderGroup & " permissions applied successfully"				
	End If
End If
End Function

Open in new window

pulsarsolutionsAsked:
Who is Participating?
 
pulsarsolutionsAuthor Commented:
The issue is resolved. Using ICACLS resolved the issue. I will provide my permissions function that includes the ICACLS logic.

Thanks for the suggestion!
Function Permissions()
'Department group name with no spaces between the Department name & group
strFolderGroup = strFolder & "Group"
strFolderGroup = Replace(strFolderGroup,"_"," ")
 
'Department group name with a space between the department name & group
'strFolderGroup2 = strText & " Group"
strFolderGroup2 = strFolder & " Group"
strFolderGroup2 = Replace(strFolderGroup2,"_"," ")
 
Set objShell   = CreateObject("Wscript.Shell")
Set object2FSO = CreateObject("Scripting.FileSystemObject")
 
If object2FSO.FolderExists(strFolderPath) Then
	intRunError = objShell.Run("icacls """ & strFolderPath & """ /grant """ & strFolderGroup & """:(OI)(CI)f /T /C")
		     
	If intRunError <> 0 Then
	    
	    If object2FSO.FolderExists(strFolderPath) Then
			intRunError = objShell.Run("icacls """ & strFolderPath & """ /grant """ & strFolderGroup2 & """:(OI)(CI)f /T /C")
		
			 'If unable to apply strFolderGroup & strFolderGroup2 then log an error message
				If intRunError <> 0 Then
					WScript.Echo "Error assigning permissions for: " & strFolderGroup1 & strFolderGroup2
					objLogFile.WriteLine "Error assigning permissions for: " & strFolderGroup1 & strFolderGroup2
				Else
				   	'Log strFolderGroup2 was successfully applied
				   	WScript.Echo strFolderGroup2 & " permissions applied successfully"
				    objLogFile.WriteLine strFolderGroup2 & " permissions applied successfully"
				End If
							
         End If
	Else
			'Log strFolderGroup was successfully applied
			WScript.Echo strFolderGroup & " permissions applied successfully"
			objLogFile.WriteLine strFolderGroup & " permissions applied successfully"				
	End If
End If
End Function

Open in new window

0
 
grayeCommented:
I'd recommend that you switch to using ICACLS (it's the latest version of the tool for Vista, 2008, etc)
The command line syntax is a bit different...  http://technet.microsoft.com/en-us/library/cc753525.aspx
0
 
pulsarsolutionsAuthor Commented:
I will write a separate icacls test script and see it resolves the problem. I will provide an update shortly.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
pulsarsolutionsAuthor Commented:
I have not had much luck locating any sample vbscript code for using icacls versus cacls. Does anyone have any example vbscript code for ICACLS?
0
 
pulsarsolutionsAuthor Commented:
The following works in a command line, but still working on correct syntax to apply via vbscript:
icacls sales_folder /grant fileadmins:(OI)f /T /C (command line)

0
 
pulsarsolutionsAuthor Commented:
I believe I have the vbscript code method to run it via vbscript:

Set objShell   = CreateObject("Wscript.Shell")
intRunError = objShell.Run("icacls sales_folder /grant fileadmins:(OI)f /T /C")

I will now need to test it in the environment to see if it resolves the issue. I will provide an update
shortly.
0
 
pulsarsolutionsAuthor Commented:
ICACLS code resolved the issue:

Function Permissions()
'Department group name with no spaces between the Department name & group
strFolderGroup = strFolder & "Group"
strFolderGroup = Replace(strFolderGroup,"_"," ")

'Department group name with a space between the department name & group
'strFolderGroup2 = strText & " Group"
strFolderGroup2 = strFolder & " Group"
strFolderGroup2 = Replace(strFolderGroup2,"_"," ")
 
Set objShell   = CreateObject("Wscript.Shell")
Set object2FSO = CreateObject("Scripting.FileSystemObject")

If object2FSO.FolderExists(strFolderPath) Then
      intRunError = objShell.Run("icacls """ & strFolderPath & """ /grant """ & strFolderGroup & """:(OI)(CI)f /T /C")
                 
      If intRunError <> 0 Then
          
          If object2FSO.FolderExists(strFolderPath) Then
                  intRunError = objShell.Run("icacls """ & strFolderPath & """ /grant """ & strFolderGroup2 & """:(OI)(CI)f /T /C")
            
                   'If unable to apply strFolderGroup & strFolderGroup2 then log an error message
                        If intRunError <> 0 Then
                              WScript.Echo "Error assigning permissions for: " & strFolderGroup1 & strFolderGroup2
                              objLogFile.WriteLine "Error assigning permissions for: " & strFolderGroup1 & strFolderGroup2
                        Else
                                 'Log strFolderGroup2 was successfully applied
                                 WScript.Echo strFolderGroup2 & " permissions applied successfully"
                            objLogFile.WriteLine strFolderGroup2 & " permissions applied successfully"
                        End If
                                          
         End If
      Else
                  'Log strFolderGroup was successfully applied
                  WScript.Echo strFolderGroup & " permissions applied successfully"
                  objLogFile.WriteLine strFolderGroup & " permissions applied successfully"                        
      End If
End If
End Function
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.