Create folder, set permissions based on domain user - script

I have a VB script that will create a directory, and map a drive to that directory based on the users domain account. How can  I add to this script to remove inheritable permissions, and set permissions for only that user to access that folder. My goal for this script is to

1. Make sure the users directory exists, of not, create it.  DONE

2. Set permissions for only that user to access it, remove inheritable permissions. NOT DONE

3. Map the directory to a specific drive DONE
Set objSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
strUserName = objUser.samAccountName
 
Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists("\\stpluto\user\" & strUserName) Then
Else
Set f = fso.CreateFolder("\\stpluto\user\" & strUserName)
End If
 
strDrive = "\\Stpluto\User\" & strUserName
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
objNetwork.RemoveNetworkDrive "x:"
objNetwork.MapNetworkDrive "x:", strDrive

Open in new window

LVL 3
PierellieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lciprianionutCommented:
One question: what I understand from your script it will run withuser credentials as login script or with your credentials (administrator on file server) ?
You can use calcs.exe, but if runs under user credentials and directory is on a file server where he is not an admin it will fail
0
PierellieAuthor Commented:
it will run as a script on user login. So using user credentials. I'll check into calcs.exe... the share is on a fileserver, the share has user rights permission, within that share will be the individual user folders... hence the reason i need to disable inhereted permissions when the users folder is created.
0
PierellieAuthor Commented:
Well i figured it out using cacls, it doesn't seem as efficent as it possibly could be, could you let me know if i can consolidate all the "SendKeys"?

Also, apparently, using the /g switch, i don't need to worry about inheritance, as that will overwrite the existing ACL and write only what is configured.

Set objSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
strUserName = objUser.samAccountName
 
'Checks for/Creates Users directory
Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists("\\stpluto\user\" & strUserName) Then
Else
Set f = fso.CreateFolder("\\stpluto\user\" & strUserName)
End If
 
'opens command shell, executes cacls to change folder permissions.
Dim objShell
Set objShell = CreateObject("WScript.Shell")
objShell.Run "cmd"
WScript.Sleep 50
objShell.SendKeys "cacls "
objShell.SendKeys "\\stpluto\user\" & strUserName
objShell.SendKeys " /g " & strUserName
objShell.SendKeys ":F"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "Y"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "exit"
objShell.SendKeys "{ENTER}"
 
'Maps Folder to local Drive
strDrive = "\\Stpluto\User\" & strUserName
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
objNetwork.RemoveNetworkDrive "q:"
objNetwork.MapNetworkDrive "q:", strDrive

Open in new window

0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

JManickiCommented:
It looks like you're using CMD and the SENDKEYS so that you can answer "Yes" to the confirmation request from CACLS and then exit the command prompt?

If you got CACLS to set the proper file rights then you can use XCACLS instead which has a few more options including a /Y switch to not prompt for confirmation and just set the rights as set.

Replace your lines 17 through 27 with the code below.  The Run Method is also configured to NOT show the black CMD window while it's running:

objWSHShell.Run "XCACLS \\stpluto\user\" & strUserName & " /G " & strUserName & ":F /Y", 0, True

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JManickiCommented:
Sorry, I used objWSHShell where you were using objShell.
0
lciprianionutCommented:
I would use
objWSHShell.Run Chr(34) & "XCACLS \\stpluto\user\" & strUserName & " /G " & strUserName & ":F /Y" & Chr(34), 0, True

Open in new window

0
PierellieAuthor Commented:
Thanks both lciprianionut and JManicki. JManicki, i was more concerned about consolidating all this, your solution worked perfect. thanks again!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic Classic

From novice to tech pro — start learning today.