Solved

vb scripting - cacls - for domain users

Posted on 2010-08-19
8
628 Views
Last Modified: 2012-05-10
hi experts,

i cant seem to get this script to work with GPO. I have linked the GPO to a specific OU with user account in that OU, and added the attached login script at the User Config. Please help.

we have just migrated our users' profile from the old to the new domain using the "Copy To" option. However, we encountered issues where users have created and saved their documents into their own folders in C drives with their old domain login. After migration, and when they login with their new profile, these folders were not editable due to permissions issues. We could individually assign permissions but a scripted solution would be more elegant
' VBScript ~ addACL.vbs
' Version: 	Draft 1
' Date: 	20 August 2010
'---------------------------------------------------
On Error Resume Next

Dim fso
Dim WshNetwork

Set fso = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = CreateObject("WScript.Network")
 
DomainString = WshNetwork.UserDomain
UserString = WshNetwork.UserName
 
'------------------------------------------------------------
' Add New Domain User to NTFS ACL of D:\UserFolder 
'------------------------------------------------------------
If fso.FolderExists("D:\UserFolder") then
	WshShell.run "cacls D:\UserFolder /G " & DomainString & "\" & UserString & ":F /C /E /T",0,true	
End If

WScript.Quit

Open in new window

0
Comment
Question by:kenny_klbn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 33481476
Hi, a normal user, not already having rights to the folder, whill not be able to change the ACL on those folders.  I think the easiest solution would be to run it as a StartUp script, under Computer Configuration, which would run as the Local System account, and you will need to grant rights to Domain Users instead....
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33481561
hi Rob,
what's the code to include Domain Users or Authenticated Users? Much help appreciated.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33481635
Hi, it should just be
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"  & """:F /C /E /T",0,true
Regards,
Rob.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:kenny_klbn
ID: 33481712
hi Rob,

it didnt work. how do i troubleshoot this?
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 33481719
Is the folder actually called D:\UserFolder?
Is cacls.exe in the System32 folder?  If cacls.exe is not in a folder in the %PATH% environment variable, you will need to specify the full path to the cacls.exe
You could test it by running this from the command line, while logged in as an admin:
cacls D:\UserFolder /G "DomainString\Domain Users":F /C /E /T
and see what the result is.
Also, try this anyway
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33482254
hi Rob,

thanks. ive added

Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33482263
Oh yeah, that wasn't in your original code, I didn't notice.....
Thanks for the grade.   What was the line that ended up working?
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33547937
hi Rob,

fyi,

WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question