VB script - create folder, map as specific drive letter. Need to add user in Security tab

Here's the portion of our login script that creates, and maps a drive for a users folder.  I didn't realize it then, but this did not give the user modify rights.  Which is what I need help doing now.  I just want to add to the code I hve now, with what's needed to add the user to the security tab with modify rights.
''''''''''''''''''''''''''''''create user folder'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub CheckForUserFolder(UserName)
On Error Resume Next
Dim ObjFSO
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
	If Not(ObjFSO.FolderExists("\\jak-2k3-mss\users\" & UserName)) Then 
		Set newfolder = ObjFSO.CreateFolder("\\jak-2k3-mss\Users\" & UserName)
	End If
End Sub

Open in new window

LVL 14
Ben HartAsked:
Who is Participating?
 
jawa29Commented:
Hi ubadmin

These two lines added to your code will set Full control for the user on thier folder

Set oShell = CreateObject("Wscript.Shell")
intRunError = oShell.Run("cacls \\jak-2k3-mss\Users\" & UserName & " /t /c /g " & Username & ":F ", 2, True)

If you want to set to modify then change :F to :C

Jawa29
0
 
greg wardSystems EngineerCommented:
to change permissions you need the command cacls
cacls /? at the command prompt to see which switches you need.
The below link shows you how to use it with vb script.

http://www.appdeploy.com/messageboards/tm.asp?m=15015

Greg
0
 
CitizenRonCommented:
Is this for Active Directory users?  If so, you don't need to do this in a login script, you could just add a "Home Folder" to the user's "Profile" tab in AD Users and Computers.

If you have a large number of Users to add this do, in ADUC create a Query called "All Users" and Define the Query so that on the "Users" tab, "Name" "Has a Value" and run the query.  Select all the users in the result, right click and pick "Properties" and you'll be able to modify them all at once.

Go to the "Profile" tab, check the "Home Folder" box, select "Connect", choose a Drive Letter for the mapping and put in
\\jak-2k3-mss\users\%USERNAME%
for the value in the "To:" field.  

Once a user has a connected Home Folder value, the system should create the folder if it doesn't exist and automatically apply the rights needed for the user to use their home folder and also map the selected drive letter to the home folder each time they log in.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
Ben HartAuthor Commented:
Thanks CitizenRon.. I recall we used to have a line similar to that in the Home Folder field however it never actually created the folder.  Last year when I had help creating this portion of the script I forgot totally about the Home Folder's use..  I will test it, as well as Jawa29's code..

Thanks both of you.
0
 
CitizenRonCommented:
I just looked at jawa29's script again and have a BIG issue with it.  He does NOT use the /E switch to tell CACLS to EDIT the permissions.  Without it, the ONLY permissions left on the folder will be what you tell it in the command.  All other permissions will be removed from the folder and all files and folders underneath it.

With the /E switch, CACLS will just EDIT the ACLs and add permissions instead of completely replacing them.
Set oShell = CreateObject("Wscript.Shell")
intRunError = oShell.Run("cacls \\jak-2k3-mss\Users\" & UserName & " /t /e /c /g " & Username & ":F ", 2, True)

Open in new window

0
 
Ben HartAuthor Commented:
Ahh nice catch.  I'm fighting AV issues at the moment but glad you caught that.  Probably just a typo though.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.