vb scripting - cacls - for domain users

hi experts,

i cant seem to get this script to work with GPO. I have linked the GPO to a specific OU with user account in that OU, and added the attached login script at the User Config. Please help.

we have just migrated our users' profile from the old to the new domain using the "Copy To" option. However, we encountered issues where users have created and saved their documents into their own folders in C drives with their old domain login. After migration, and when they login with their new profile, these folders were not editable due to permissions issues. We could individually assign permissions but a scripted solution would be more elegant
' VBScript ~ addACL.vbs
' Version: 	Draft 1
' Date: 	20 August 2010
'---------------------------------------------------
On Error Resume Next

Dim fso
Dim WshNetwork

Set fso = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = CreateObject("WScript.Network")
 
DomainString = WshNetwork.UserDomain
UserString = WshNetwork.UserName
 
'------------------------------------------------------------
' Add New Domain User to NTFS ACL of D:\UserFolder 
'------------------------------------------------------------
If fso.FolderExists("D:\UserFolder") then
	WshShell.run "cacls D:\UserFolder /G " & DomainString & "\" & UserString & ":F /C /E /T",0,true	
End If

WScript.Quit

Open in new window

kenny_klbnAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
RobSampsonConnect With a Mentor Commented:
Is the folder actually called D:\UserFolder?
Is cacls.exe in the System32 folder?  If cacls.exe is not in a folder in the %PATH% environment variable, you will need to specify the full path to the cacls.exe
You could test it by running this from the command line, while logged in as an admin:
cacls D:\UserFolder /G "DomainString\Domain Users":F /C /E /T
and see what the result is.
Also, try this anyway
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
Regards,
Rob.
0
 
RobSampsonCommented:
Hi, a normal user, not already having rights to the folder, whill not be able to change the ACL on those folders.  I think the easiest solution would be to run it as a StartUp script, under Computer Configuration, which would run as the Local System account, and you will need to grant rights to Domain Users instead....
Regards,
Rob.
0
 
kenny_klbnAuthor Commented:
hi Rob,
what's the code to include Domain Users or Authenticated Users? Much help appreciated.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
RobSampsonCommented:
Hi, it should just be
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"  & """:F /C /E /T",0,true
Regards,
Rob.
0
 
kenny_klbnAuthor Commented:
hi Rob,

it didnt work. how do i troubleshoot this?
0
 
kenny_klbnAuthor Commented:
hi Rob,

thanks. ive added

Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
0
 
RobSampsonCommented:
Oh yeah, that wasn't in your original code, I didn't notice.....
Thanks for the grade.   What was the line that ended up working?
Regards,
Rob.
0
 
kenny_klbnAuthor Commented:
hi Rob,

fyi,

WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.