VB script - create folder, map as specific drive letter.  Need to add user in Security tab

Posted on 2011-04-27
Last Modified: 2012-06-27
Here's the portion of our login script that creates, and maps a drive for a users folder.  I didn't realize it then, but this did not give the user modify rights.  Which is what I need help doing now.  I just want to add to the code I hve now, with what's needed to add the user to the security tab with modify rights.
''''''''''''''''''''''''''''''create user folder'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub CheckForUserFolder(UserName)
On Error Resume Next
Dim ObjFSO
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
	If Not(ObjFSO.FolderExists("\\jak-2k3-mss\users\" & UserName)) Then 
		Set newfolder = ObjFSO.CreateFolder("\\jak-2k3-mss\Users\" & UserName)
	End If
End Sub

Open in new window

Question by:Ben Hart
    LVL 15

    Expert Comment

    to change permissions you need the command cacls
    cacls /? at the command prompt to see which switches you need.
    The below link shows you how to use it with vb script.

    LVL 8

    Accepted Solution

    Hi ubadmin

    These two lines added to your code will set Full control for the user on thier folder

    Set oShell = CreateObject("Wscript.Shell")
    intRunError = oShell.Run("cacls \\jak-2k3-mss\Users\" & UserName & " /t /c /g " & Username & ":F ", 2, True)

    If you want to set to modify then change :F to :C

    LVL 7

    Expert Comment

    Is this for Active Directory users?  If so, you don't need to do this in a login script, you could just add a "Home Folder" to the user's "Profile" tab in AD Users and Computers.

    If you have a large number of Users to add this do, in ADUC create a Query called "All Users" and Define the Query so that on the "Users" tab, "Name" "Has a Value" and run the query.  Select all the users in the result, right click and pick "Properties" and you'll be able to modify them all at once.

    Go to the "Profile" tab, check the "Home Folder" box, select "Connect", choose a Drive Letter for the mapping and put in
    for the value in the "To:" field.  

    Once a user has a connected Home Folder value, the system should create the folder if it doesn't exist and automatically apply the rights needed for the user to use their home folder and also map the selected drive letter to the home folder each time they log in.
    LVL 14

    Author Comment

    by:Ben Hart
    Thanks CitizenRon.. I recall we used to have a line similar to that in the Home Folder field however it never actually created the folder.  Last year when I had help creating this portion of the script I forgot totally about the Home Folder's use..  I will test it, as well as Jawa29's code..

    Thanks both of you.
    LVL 7

    Assisted Solution

    I just looked at jawa29's script again and have a BIG issue with it.  He does NOT use the /E switch to tell CACLS to EDIT the permissions.  Without it, the ONLY permissions left on the folder will be what you tell it in the command.  All other permissions will be removed from the folder and all files and folders underneath it.

    With the /E switch, CACLS will just EDIT the ACLs and add permissions instead of completely replacing them.
    Set oShell = CreateObject("Wscript.Shell")
    intRunError = oShell.Run("cacls \\jak-2k3-mss\Users\" & UserName & " /t /e /c /g " & Username & ":F ", 2, True)

    Open in new window

    LVL 14

    Author Comment

    by:Ben Hart
    Ahh nice catch.  I'm fighting AV issues at the moment but glad you caught that.  Probably just a typo though.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Over the years I've spent many an hour playing on hardened, DMZ'd servers, with only a sub-set of the usual GNU toy's to keep me company; frequently I've needed to save and send log or data extracts from these server back to my PC, or to others, and…
    Recently, an awarded photographer, Selina De Maeyer (, completed a photo shoot of a beautiful event ( in An…
    Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now