Solved

vb scripting - cacls - for domain users

Posted on 2010-08-19
8
625 Views
Last Modified: 2012-05-10
hi experts,

i cant seem to get this script to work with GPO. I have linked the GPO to a specific OU with user account in that OU, and added the attached login script at the User Config. Please help.

we have just migrated our users' profile from the old to the new domain using the "Copy To" option. However, we encountered issues where users have created and saved their documents into their own folders in C drives with their old domain login. After migration, and when they login with their new profile, these folders were not editable due to permissions issues. We could individually assign permissions but a scripted solution would be more elegant
' VBScript ~ addACL.vbs
' Version: 	Draft 1
' Date: 	20 August 2010
'---------------------------------------------------
On Error Resume Next

Dim fso
Dim WshNetwork

Set fso = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = CreateObject("WScript.Network")
 
DomainString = WshNetwork.UserDomain
UserString = WshNetwork.UserName
 
'------------------------------------------------------------
' Add New Domain User to NTFS ACL of D:\UserFolder 
'------------------------------------------------------------
If fso.FolderExists("D:\UserFolder") then
	WshShell.run "cacls D:\UserFolder /G " & DomainString & "\" & UserString & ":F /C /E /T",0,true	
End If

WScript.Quit

Open in new window

0
Comment
Question by:kenny_klbn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 33481476
Hi, a normal user, not already having rights to the folder, whill not be able to change the ACL on those folders.  I think the easiest solution would be to run it as a StartUp script, under Computer Configuration, which would run as the Local System account, and you will need to grant rights to Domain Users instead....
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33481561
hi Rob,
what's the code to include Domain Users or Authenticated Users? Much help appreciated.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33481635
Hi, it should just be
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"  & """:F /C /E /T",0,true
Regards,
Rob.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:kenny_klbn
ID: 33481712
hi Rob,

it didnt work. how do i troubleshoot this?
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 33481719
Is the folder actually called D:\UserFolder?
Is cacls.exe in the System32 folder?  If cacls.exe is not in a folder in the %PATH% environment variable, you will need to specify the full path to the cacls.exe
You could test it by running this from the command line, while logged in as an admin:
cacls D:\UserFolder /G "DomainString\Domain Users":F /C /E /T
and see what the result is.
Also, try this anyway
WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33482254
hi Rob,

thanks. ive added

Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33482263
Oh yeah, that wasn't in your original code, I didn't notice.....
Thanks for the grade.   What was the line that ended up working?
Regards,
Rob.
0
 

Author Comment

by:kenny_klbn
ID: 33547937
hi Rob,

fyi,

WshShell.run "cacls D:\UserFolder /G """ & DomainString & "\Domain Users"":F /C /E /T",0,true
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question