Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 455
  • Last Modified:

Auto create sub folder in all users home drives

I need to create a folder called SCANS in all of our users home drives.
Is there a way to auto create these folders with the desired permissions?
0
steveLaMi
Asked:
steveLaMi
  • 4
  • 4
  • 3
  • +1
1 Solution
 
Bill PrewCommented:
Where are the "home drives" located?

What permissions?

~bp
0
 
CoralonCommented:
There are a *ton* of ways to do it.

1. As a one-time shot, you can do this by command line easily enough.  Assuming that the home directories are in \\server\share\<username>

pushd \\server\share
for /d %f in (*) do md "%f\SCANS"
popd

Open in new window


2. if you want an automated process, then you can create it by GPP, or by a login script.  The login script would be:
md "%homedrive%%homepath%\SCANS"

Open in new window


In these cases, the permissions will inherit.  It's easy enough to add a cacls.exe command in either of these after the folder is created.

1. This would change to:
pushd \\server\share
for /d %f in (*) do md "%f\SCANS" && cacls "%f\SCANS" /e /g useraccount:f /r useraccount2
popd

Open in new window


2. would change to
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /g useraccount:f /r useraccount2

Open in new window


CACLS has multiple options, and I put a couple there.
/e (edit permissions instead of overwrite them)
/r (remove permissions for the specified group, put " marks if you have spaces, like "domain users"
/g (grant permission to a user/group).
/t (process subdirectories also)

So, as a full example:
cacls "%homedrive%%homepath%\SCANS" /e /t /r "users" /g "authenticated users":c "creator owner":f

Open in new window

this command would take the newly created scans directory, edit the permissions on the folder and subfolders, would remove the normal Users group permission, would give the Authenticated Users group Change access (modify), and would give the Creator Owner full control.

Coralon
0
 
arnoldCommented:
You can use a login script.
Check whether the directory already exists.
If it does not mkdir homedir driveletter:\scans
Etc.
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 
steveLaMiAuthor Commented:
Coralon,

The folder creation worked great.  Now I have a scanning account, example: Ricoh5000, that I want to have full access to that SCANS directory only.  Can that be automated as well?
0
 
CoralonCommented:
Absolutely.  

The method just depends on how you created the folders in the first place.

If you did it manually (like the first example)
pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /t /g "domain\ricoh5000":f
popd

Open in new window


If you went for the automatic method, then you just use the example I posted above..
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /t /g "domain\ricoh5000":f 

Open in new window


The automatic would do well with an if statement now that I'm thinking about it even more.  
if exist "%homedrive%%homepath%\SCANS" (echo .) else (md "%homedrive%%homepath%\SCANS" && cacls "%homedrive%%homepath%\SCANS" /e /t /g "domain\ricoh5000":f )

Open in new window


Coralon
0
 
steveLaMiAuthor Commented:
When I type that in I get a More prompt.
Any ideas?

FYI my path is
\\cisvfs\home\%username%\scans
0
 
arnoldCommented:
%username% is a variable.

Where are you typeing this ?

A simple USER GPO with a login script that does
@echo off
mkdir %userprofile%\scans where presumably


should do the trick.
0
 
CoralonCommented:
You don't want the user profile, you want the home directory.

If you are getting a more prompt, there is a typo in the command, because it is looking for another character (i.e. command terminator).

Coralon
0
 
steveLaMiAuthor Commented:
Thanks for getting back to me. The folder creation actually worked. All of my users have a SCANS folder in their home drives now.  However, the adding of PHILLYRICOH to the security access list for full permissions did not take.  Is there a way of just adding that to the existing scans folders?
0
 
arnoldCommented:
IMHO, changes to user level folders are best done through user level GPO login or logout script or both.
The folder in question is owned by the user. The user can use cacls to grant (/e ) edit the existing ACL to make sure.

The main issue I see is that the scans folder likely has granted rights to user PHILLYRICOH full rights within the folder, the problem is that the user PHILLYRICOH likely has no rights to pass %homedrive%%homepath%\

You need to add phillyricoh to the main share with traverse directory rights.
so phillyricoh can do
make sure the use phillyricoh has rights/security settings on the sharing permissions side.
0
 
CoralonCommented:
Using the initial code for a manual setup:

pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /g <domain>\phillyricoh:f /t
popd

Open in new window


Arnold:
I was referring to the automated script.  With the automated script, it is running from the user's security context, and they already own the directory and have full control.  With that, the 2nd piece of the script with cacls.exe is running in the user context, so they have %homedrive%%homepath%.

The manual script piece (that I have in this post) is for the admins.  

Coralon
0
 
arnoldCommented:
Check what effective rights this user has on the sharing security settings.  This is where the write rights might be missing.
Is the phillyricoh user unable to access the share?
Lets try this example.  You using cacls granted phillyricoh access to a subdirectory.
What is the effective permission for phillyricoh user on the %username% directory of any f your users?
Can it access traverse directory, read contents?
I.e. you give a person, phillyricoh, the master key for the entire third floor.  In the mornng you arrive to see phillyricoh standing at the front door.
You ask him what is going on? He tells you, he can not enter.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now