Solved

vb scripting - cacls - for domain users

Posted on 2010-08-19
8
622 Views
Last Modified: 2012-05-10
hi experts,

i cant seem to get this script to work with GPO. I have linked the GPO to a specific OU with user account in that OU, and added the attached login script at the User Config. Please help.

we have just migrated our users' profile from the old to the new domain using the "Copy To" option. However, we encountered issues where users have created and saved their documents into their own folders in C drives with their old domain login. After migration, and when they login with their new profile, these folders were not editable due to permissions issues. We could individually assign permissions but a scripted solution would be more elegant
' VBScript ~ addACL.vbs
' Version: 	Draft 1
' Date: 	20 August 2010
'---------------------------------------------------
On Error Resume Next

Dim fso
Dim WshNetwork

Set fso = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = CreateObject("WScript.Network")
 
DomainString = WshNetwork.UserDomain
UserString = WshNetwork.UserName
 
'------------------------------------------------------------
' Add New Domain User to NTFS ACL of D:\UserFolder 
'------------------------------------------------------------
If fso.FolderExists("D:\UserFolder") then
	WshShell.run "cacls D:\UserFolder /G " & DomainString & "\" & UserString & ":F /C /E /T",0,true	
End If

WScript.Quit

Open in new window

0
Comment
Question by:kenny_klbn
  • 4
  • 4
8 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 33481476
Hi, a normal user, not already having rights to the folder, whill not be able to change the ACL on those folders.  I think the easiest solution would be to run it as a StartUp script, under Computer Configuration, which would run as the Local System account, and you will need to grant rights to Domain Users instead....
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33481561
hi Rob,
what's the code to include Domain Users or Authenticated Users? Much help appreciated.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33481635
Hi, it should just be
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"  & """:F /C /E /T",0,true
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33481712
hi Rob,

it didnt work. how do i troubleshoot this?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 33481719
Is the folder actually called D:\UserFolder?
Is cacls.exe in the System32 folder?  If cacls.exe is not in a folder in the %PATH% environment variable, you will need to specify the full path to the cacls.exe
You could test it by running this from the command line, while logged in as an admin:
cacls D:\UserFolder /G "DomainString\Domain Users":F /C /E /T
and see what the result is.
Also, try this anyway
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33482254
hi Rob,

thanks. ive added

Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33482263
Oh yeah, that wasn't in your original code, I didn't notice.....
Thanks for the grade.   What was the line that ended up working?
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33547937
hi Rob,

fyi,

WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
Introduction During my participation as a VBScript contributor at Experts Exchange, one of the most common questions I come across is this: "I have a script that runs against only one computer. How can I make it run against a list of computers in …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now