Solved

CHANGE FOLDER PERMISION WITH A BAT FILE

Posted on 2011-02-11
21
898 Views
Last Modified: 2012-05-11
I would like to change a folders permissions with a startup script. The folder's name is C:\ABC and I would like to change the permission for the currently logged on user to full permission for this folder.

To be considered:
The user under which the script runs might very possibly not have Administrator privileges so the command might have to be executed specifying credentials or a user.
CACLS "C:\ABC\" /G %USERNAME%:F /Y
EXIT

Open in new window

0
Comment
Question by:Rebel_no_1
  • 9
  • 7
  • 4
  • +1
21 Comments
 
LVL 10

Expert Comment

by:scriven_j
ID: 34870384
Would you want this to run automatically (i.e. without a user having to type in an admin password?)
0
 

Author Comment

by:Rebel_no_1
ID: 34870455
Absolutely if possible.
0
 
LVL 5

Expert Comment

by:danubian
ID: 34870583
'This script allows limited accounts to change folder c:\abc permissions
'as the machine Administrator, with full control for the logged on users.
'change "mymachine" and "yourpassword" with your own
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /noprofile /env /user:mymachine\administrator "CACLS C:\ABC /T /E /G %USERNAME%:F"
WScript.Sleep 100
'Replace the string yourpassword~ below with
'the password used on your system by machine admin. Include tilde
oShell.Sendkeys "yourpassword~"
Wscript.Quit
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:Rebel_no_1
ID: 34870608
How exactly do I run this? This is not a .bat or a .vbs?
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 34870656
OK - the easiest way to achieve this is something like SANUR which can be downloaded from here:-

http://www.commandline.co.uk/sanur/

This allows you to run a command as an administrator and pipe in a password - you cannot do this with the normal runas command.

(Sanur is unsupported and they suggest on that page alternatives you could try if you are not happy using it).  I have used it loads though and not had any problems.

The batch file would look something like this

 
@echo off
@echo Changing File permissions
runas /u:domain\user "CACLS C:\ABC\ /G %USERNAME%:F /Y" | sanur adminpassword

Open in new window


Saved as scriptname.bat

You would need SANUR to be in the same folder (or include the complete path in the command).

The problem with this method is that the admin password will be included in clear text which is not good security practise.

The solution to this aspect of the problem, is to convert the batch (.BAT) file to an EXE file using something like Batch File Compiler (http://www.bdargo.com/).  This way the password will be encrypted.

Batch File Compiler is a paid version, but I'm sure you could Google for something free if you would prefer.

Once you have created an EXE file from the batch file, you would then just call the EXE file from another batch file like this:-

@echo off
start "" /WAIT scriptname.exe

Open in new window


Hope this all makes sense?
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 34870695
danubian's script would have the admin password sitting in clear text.  I would not be happy with this personally.
0
 
LVL 5

Accepted Solution

by:
danubian earned 500 total points
ID: 34870759
I'm not happy also with passowrds send on users as clear text but this is what it requested.

Keep in mind that every user can read from netlogon folders, so the password will be accesible to all domain users...
It is working as vbs. Take care that i refined it. On my env some options did not worked.
Save it as "myrights.vbs" and run it to test. Then put it as login script.

Option explicit
dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:machine\administrator ""CACLS C:\ABC /T /E /G %USERNAME%:F"""
WScript.Sleep 100
oShell.Sendkeys "yourpassword~"
Wscript.Quit

The script is adapted from vlaurie.com
0
 

Author Comment

by:Rebel_no_1
ID: 34870797
To me it is acceptable if the password is visible in an editable file as the normal users do not even have access to explorer or notepad. The text inside the file is therefore "secure" although the password must not be displayed on screen while the command is run. A simple CLS command should hide the command sufficiently. I also want to try not use any third party applications as this might complicate deployment of the script. I like to keep things as simple as possible.

At this stage I would therefore try to get danubian's solution running. (How do I run his script) and if unsuccessful will look at scriven's solution as a last resort. I say last resort as I would like to stick to standard windows components and commands.
0
 

Author Comment

by:Rebel_no_1
ID: 34870878
I ran the attached vbs... Open with a text editor. What am I doing wrong?
I know my password is visible...
XXX.vbs
0
 
LVL 5

Expert Comment

by:danubian
ID: 34870976
The script seems right.  But if the system is Windows 7, administrator user is disabled by default.
On other environments local administrator user is renamed.

For testing purpose run on command prompt first:
CACLS C:\ABC /T /E /G %USERNAME%:F
Then
runas /user:machine\administrator "CACLS C:\ABC /T /E /G %USERNAME%:F"

0
 

Author Comment

by:Rebel_no_1
ID: 34871353
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
Ok, I did on two folders:


C:\Users\A3AN>cd\

C:\>CACLS C:\ABC /T /E /G %USERNAME%:F
processed dir: C:\ABC
Access is denied.

C:\>CACLS C:\BCD /T /E /G %USERNAME%:F
The data is invalid.

C:\>

I removed the environment variable:

C:\>CACLS C:\BCD /T /E /G A3AN-LPT:F
processed dir: C:\BCD

C:\>CACLS C:\ABC /T /E /G A3AN-LPT:F
processed dir: C:\ABC
Access is denied.

C:\>

I am not sure if that means it is working?
0
 

Author Comment

by:Rebel_no_1
ID: 34871424
It seems that the environment variable might be causing an issue,
ECHO %USERNAME% will yield "A3AN"

I can give you my actual settings (it might help) because I format my testing laptop every few days.
My current details:
My computer name is: A3AN-LPT
My (Administrator) user name is: A3AN
My password is: a4
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 34871458
The switch from your original command /Y does not seem to be a valid command.

Also, when I run CACLS command myself, it asks "Are you sure" and expects a Y / N answer, so these things might be causing problems?

Are you running the command when you test as with the RUNAS?
0
 

Author Comment

by:Rebel_no_1
ID: 34871500
Ok it works, i think but it requests a password before completing the final step. Can I put this password in the script?


C:\>CACLS C:\BCD /T /E /G %USERNAME%:F
processed dir: C:\BCD

C:\>runas /user:A3AN-LPT\A3AN "CACLS C:\ABC /T /E /G %USERNAME%:F"
Enter the password for A3AN-LPT\A3AN:
Attempting to start CACLS C:\ABC /T /E /G A3AN:F as user "A3AN-LPT\A3AN" ...

C:\>
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 34871501
I get Access Denied error when using an invalid folder.  (badly worded error)  Does the folder exist?
0
 

Author Comment

by:Rebel_no_1
ID: 34871514
I am running windows 7 on my test pc. Sorry, guess I should have told you this earlier. :-)
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 34871521
You can always use my solution if it won't work (change the CACLS line to the one you have working)
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 34871539
SANUR might not work with Windows 7 though - original post stated Windows XP.
0
 

Author Comment

by:Rebel_no_1
ID: 34871645
I will test this current solution on monday using a windows xp pc as the final solution is expected to work on windows xp. I will then also test with the correct users and verify if the folder attributes changed. I should not have tested on windows 7 in the first place I guess. I was hoping that DOS would behave all the same. Thanks for all the help and I will get back to you as soon as I have tested this. I appreciate your time scriven and danubian.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 34880116
Try this one:
'Start of Script
'VBRUNAS.VBS
'v1.2 March 2001
'Jeffery Hicks
'jhicks@quilogy.com http://www.quilogy.com
'USAGE: cscript|wscript VBRUNAS.VBS Username Password Command
'DESC: A RUNAS replacement to take password at a command prompt.
'NOTES: This is meant to be used for local access. If you want to run a command
'across the network as another user, you must add the /NETONLY switch to the RUNAS 
'command.

' *********************************************************************************
' * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED AS *
' * NECESSARY TO MEET YOUR NEEDS. THE AUTHOR MAKES NO GUARANTEES OR WARRANTIES, *
' * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER MODIFICATIONS. *
' * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A SECURED LAB *
' * ENVIRONMENT. USE AT YOUR OWN RISK. *
' *********************************************************************************

On Error Resume Next
dim WshShell,oArgs,FSO

set oArgs=wscript.Arguments

if InStr(oArgs(0),"?")<>0 then
wscript.echo VBCRLF & "? HELP ?" & VBCRLF
Usage
end if

if oArgs.Count <3 then
wscript.echo VBCRLF & "! Usage Error !" & VBCRLF
Usage
end if

sUser=oArgs(0)
sPass=oArgs(1)&VBCRLF
sCmd=oArgs(2)

set WshShell = CreateObject("WScript.Shell")
set WshEnv = WshShell.Environment("Process")
WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"
set FSO = CreateObject("Scripting.FileSystemObject")

if FSO.FileExists(winpath) then
'wscript.echo winpath & " " & "verified"
else
wscript.echo "!! ERROR !!" & VBCRLF & "Can't find or verify " & winpath &"." & VBCRLF & "You must be running Windows 2000 for this script to work."
set WshShell=Nothing
set WshEnv=Nothing
set oArgs=Nothing
set FSO=Nothing
wscript.quit
end if

rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)
Wscript.Sleep 30 'need to give time for window to open.
WshShell.AppActivate(WinPath) 'make sure we grab the right window to send password to
WshShell.SendKeys sPass 'send the password to the waiting window.

set WshShell=Nothing
set oArgs=Nothing
set WshEnv=Nothing
set FSO=Nothing

wscript.quit

'************************
'* Usage Subroutine *
'************************
Sub Usage()
On Error Resume Next
msg="Usage: cscript|wscript vbrunas.vbs Username Password Command" & VBCRLF & VBCRLF & "You should use the full path where necessary and put long file names or commands" & VBCRLF & "with parameters in quotes" & VBCRLF & VBCRLF &"For example:" & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog e:\scripts\admin.vbs" & VBCRLF & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog " & CHR(34) &"e:\program files\scripts\admin.vbs 1stParameter 2ndParameter" & CHR(34)& VBCRLF & VBCRLF & VBCLRF & "cscript vbrunas.vbs /?|-? will display this message."

wscript.echo msg

wscript.quit

end sub
'End of Script 

Open in new window


Copy & paste this script into a file called vbrunas.vbs and call it like this

Usage:wscript vbrunas.vbs A3AN password "CACLS C:\BCD /T /E /G %USERNAME%:F"

Open in new window

0
 
LVL 5

Expert Comment

by:danubian
ID: 34885778
'Runas' command request passowrd. This is the normal behaviour and the vbs script just add the option to give password automatically.

On my Windows 7 system my script worked well. But you have to meet some conditions:
 - The credentials used to run the script have to have full control rights on the c:\abc folder. By default Windows 7 local administrator is not enabled. So, you need another user with full control rights on the requested folder;
 - The folder c:\abc have to already exists, with the credentials used already having full control on it.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question