Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to assign login scripts to users without having to do it one by one

Posted on 2010-11-11
8
Medium Priority
?
319 Views
Last Modified: 2012-08-13
We had an issue where our student users lost permissions to their network drives. It seems the only way I have been able to re-grant them access to their "home folder" is through AD, one at a time. I would change the path of the login script for that user, by back spacing one character, retyping in the correct path, and then it would say "The folder already exists, do you want to grant Full Access to this folder".

Is there are a way to grant rights to a group of users to their home directory without having to do it one at a time? We only want each user having rights to their own home directory, and not anyone elses.

We have tried changing the rights for the root folder, and it shows that the container the users are in have Full Control of the root folder "Students", then each child folder is each student's home folder. But when I check the security permissions for each individual folder, that specific user is not listed as having rights. It would be nice to do this all at once instead of one at a time.

0
Comment
Question by:danisham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34111394
You can script this using xcalcs.vbs or some other tool.
http://support.microsoft.com/kb/825751

Also from with the GUI you can select multiple users and for their home drive type

\\servername\share\%username%

0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34111411
Reading your question it sounds like you are setting permissions to the users home drive, if you want login script you can select multiple users through the GUI like I mentioned before or use a GPO

http://www.windowsitpro.com/article/tips/jsi-tip-8215-how-do-i-configure-a-logon-script-via-group-policy-.aspx
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 800 total points
ID: 34111548
I think someone did change on the root folder where home folder are stored and clicked on Replace security settings for all child items ... So all the security for each Home directory has been reset.

To reset, you could use the name of each sub directory in your root folder and reset perm based on the name of each subfolder, as each subfolder should be the name of an user.

for /F "tokens=4* skip=7" %i in ('dir Drive:\RootFolder /A:D') do xcacls "Drive:\RootFolder\%i" /F /S /T /G "%i":F /I enable /O "%i"

Juste replace Drive:\Rootfolder with the path of the folder where all your Home are stored.
Be sure to have xcacls in the current directory (see KenMcF comment)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:danisham
ID: 34111683
It seems in the link provided by KenMcF that the xcacls.vbs script is only compatible with Windows 2000, XP, and 2003. We have Server 2008R2.
0
 

Author Comment

by:danisham
ID: 34111712
KenMcF, we have done it via GUI in your first respone. It did populate the path to their home drive but did not re-assing their permissions.
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 1200 total points
ID: 34111760
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34111775
What are the permissions set to on the root folder?
Does the users you are using to set the homedrive path have rights to the folders?
0
 

Author Closing Comment

by:danisham
ID: 34111794
Thank you for the documentation on the script I can use. This will take a little bit for me to research and implement, but it seems that this is the answer I was looking for.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question