Solved

Create folder, set permissions based on domain user - script

Posted on 2009-07-09
7
1,207 Views
Last Modified: 2013-11-26
I have a VB script that will create a directory, and map a drive to that directory based on the users domain account. How can  I add to this script to remove inheritable permissions, and set permissions for only that user to access that folder. My goal for this script is to

1. Make sure the users directory exists, of not, create it.  DONE

2. Set permissions for only that user to access it, remove inheritable permissions. NOT DONE

3. Map the directory to a specific drive DONE
Set objSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
strUserName = objUser.samAccountName
 
Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists("\\stpluto\user\" & strUserName) Then
Else
Set f = fso.CreateFolder("\\stpluto\user\" & strUserName)
End If
 
strDrive = "\\Stpluto\User\" & strUserName
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
objNetwork.RemoveNetworkDrive "x:"
objNetwork.MapNetworkDrive "x:", strDrive

Open in new window

0
Comment
Question by:Pierellie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 13

Assisted Solution

by:lciprianionut
lciprianionut earned 200 total points
ID: 24817372
One question: what I understand from your script it will run withuser credentials as login script or with your credentials (administrator on file server) ?
You can use calcs.exe, but if runs under user credentials and directory is on a file server where he is not an admin it will fail
0
 
LVL 3

Author Comment

by:Pierellie
ID: 24817839
it will run as a script on user login. So using user credentials. I'll check into calcs.exe... the share is on a fileserver, the share has user rights permission, within that share will be the individual user folders... hence the reason i need to disable inhereted permissions when the users folder is created.
0
 
LVL 3

Author Comment

by:Pierellie
ID: 24818806
Well i figured it out using cacls, it doesn't seem as efficent as it possibly could be, could you let me know if i can consolidate all the "SendKeys"?

Also, apparently, using the /g switch, i don't need to worry about inheritance, as that will overwrite the existing ACL and write only what is configured.

Set objSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
strUserName = objUser.samAccountName
 
'Checks for/Creates Users directory
Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists("\\stpluto\user\" & strUserName) Then
Else
Set f = fso.CreateFolder("\\stpluto\user\" & strUserName)
End If
 
'opens command shell, executes cacls to change folder permissions.
Dim objShell
Set objShell = CreateObject("WScript.Shell")
objShell.Run "cmd"
WScript.Sleep 50
objShell.SendKeys "cacls "
objShell.SendKeys "\\stpluto\user\" & strUserName
objShell.SendKeys " /g " & strUserName
objShell.SendKeys ":F"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "Y"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "exit"
objShell.SendKeys "{ENTER}"
 
'Maps Folder to local Drive
strDrive = "\\Stpluto\User\" & strUserName
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
objNetwork.RemoveNetworkDrive "q:"
objNetwork.MapNetworkDrive "q:", strDrive

Open in new window

0
Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

 
LVL 2

Accepted Solution

by:
JManicki earned 300 total points
ID: 24825745
It looks like you're using CMD and the SENDKEYS so that you can answer "Yes" to the confirmation request from CACLS and then exit the command prompt?

If you got CACLS to set the proper file rights then you can use XCACLS instead which has a few more options including a /Y switch to not prompt for confirmation and just set the rights as set.

Replace your lines 17 through 27 with the code below.  The Run Method is also configured to NOT show the black CMD window while it's running:

objWSHShell.Run "XCACLS \\stpluto\user\" & strUserName & " /G " & strUserName & ":F /Y", 0, True

Open in new window

0
 
LVL 2

Expert Comment

by:JManicki
ID: 24825749
Sorry, I used objWSHShell where you were using objShell.
0
 
LVL 13

Expert Comment

by:lciprianionut
ID: 24827176
I would use
objWSHShell.Run Chr(34) & "XCACLS \\stpluto\user\" & strUserName & " /G " & strUserName & ":F /Y" & Chr(34), 0, True

Open in new window

0
 
LVL 3

Author Closing Comment

by:Pierellie
ID: 31601775
Thanks both lciprianionut and JManicki. JManicki, i was more concerned about consolidating all this, your solution worked perfect. thanks again!
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
The viewer will learn how to dynamically set the form action using jQuery.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question