Link to home
Start Free TrialLog in
Avatar of Pierellie
Pierellie

asked on

Create folder, set permissions based on domain user - script

I have a VB script that will create a directory, and map a drive to that directory based on the users domain account. How can  I add to this script to remove inheritable permissions, and set permissions for only that user to access that folder. My goal for this script is to

1. Make sure the users directory exists, of not, create it.  DONE

2. Set permissions for only that user to access it, remove inheritable permissions. NOT DONE

3. Map the directory to a specific drive DONE
Set objSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
strUserName = objUser.samAccountName
 
Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists("\\stpluto\user\" & strUserName) Then
Else
Set f = fso.CreateFolder("\\stpluto\user\" & strUserName)
End If
 
strDrive = "\\Stpluto\User\" & strUserName
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
objNetwork.RemoveNetworkDrive "x:"
objNetwork.MapNetworkDrive "x:", strDrive

Open in new window

SOLUTION
Avatar of Ciprian Lozonschi
Ciprian Lozonschi
Flag of Czechia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pierellie
Pierellie

ASKER

it will run as a script on user login. So using user credentials. I'll check into calcs.exe... the share is on a fileserver, the share has user rights permission, within that share will be the individual user folders... hence the reason i need to disable inhereted permissions when the users folder is created.
Avatar of Pierellie
Pierellie

ASKER

Well i figured it out using cacls, it doesn't seem as efficent as it possibly could be, could you let me know if i can consolidate all the "SendKeys"?

Also, apparently, using the /g switch, i don't need to worry about inheritance, as that will overwrite the existing ACL and write only what is configured.

Set objSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
strUserName = objUser.samAccountName
 
'Checks for/Creates Users directory
Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists("\\stpluto\user\" & strUserName) Then
Else
Set f = fso.CreateFolder("\\stpluto\user\" & strUserName)
End If
 
'opens command shell, executes cacls to change folder permissions.
Dim objShell
Set objShell = CreateObject("WScript.Shell")
objShell.Run "cmd"
WScript.Sleep 50
objShell.SendKeys "cacls "
objShell.SendKeys "\\stpluto\user\" & strUserName
objShell.SendKeys " /g " & strUserName
objShell.SendKeys ":F"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "Y"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "exit"
objShell.SendKeys "{ENTER}"
 
'Maps Folder to local Drive
strDrive = "\\Stpluto\User\" & strUserName
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
objNetwork.RemoveNetworkDrive "q:"
objNetwork.MapNetworkDrive "q:", strDrive

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of JManicki
JManicki
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of JManicki
JManicki
Flag of United States of America image
Sorry, I used objWSHShell where you were using objShell.
Avatar of Ciprian Lozonschi
Ciprian Lozonschi
Flag of Czechia image
I would use
objWSHShell.Run Chr(34) & "XCACLS \\stpluto\user\" & strUserName & " /G " & strUserName & ":F /Y" & Chr(34), 0, True

Open in new window

Avatar of Pierellie
Pierellie

ASKER

Thanks both lciprianionut and JManicki. JManicki, i was more concerned about consolidating all this, your solution worked perfect. thanks again!