Solved

Auto create sub folder in all users home drives

Posted on 2013-06-07
12
421 Views
Last Modified: 2013-06-21
I need to create a folder called SCANS in all of our users home drives.
Is there a way to auto create these folders with the desired permissions?
0
Comment
Question by:steveLaMi
  • 4
  • 4
  • 3
  • +1
12 Comments
 
LVL 51

Expert Comment

by:Bill Prew
ID: 39230917
Where are the "home drives" located?

What permissions?

~bp
0
 
LVL 23

Expert Comment

by:Coralon
ID: 39230977
There are a *ton* of ways to do it.

1. As a one-time shot, you can do this by command line easily enough.  Assuming that the home directories are in \\server\share\<username>

pushd \\server\share
for /d %f in (*) do md "%f\SCANS"
popd

Open in new window


2. if you want an automated process, then you can create it by GPP, or by a login script.  The login script would be:
md "%homedrive%%homepath%\SCANS"

Open in new window


In these cases, the permissions will inherit.  It's easy enough to add a cacls.exe command in either of these after the folder is created.

1. This would change to:
pushd \\server\share
for /d %f in (*) do md "%f\SCANS" && cacls "%f\SCANS" /e /g useraccount:f /r useraccount2
popd

Open in new window


2. would change to
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /g useraccount:f /r useraccount2

Open in new window


CACLS has multiple options, and I put a couple there.
/e (edit permissions instead of overwrite them)
/r (remove permissions for the specified group, put " marks if you have spaces, like "domain users"
/g (grant permission to a user/group).
/t (process subdirectories also)

So, as a full example:
cacls "%homedrive%%homepath%\SCANS" /e /t /r "users" /g "authenticated users":c "creator owner":f

Open in new window

this command would take the newly created scans directory, edit the permissions on the folder and subfolders, would remove the normal Users group permission, would give the Authenticated Users group Change access (modify), and would give the Creator Owner full control.

Coralon
0
 
LVL 76

Expert Comment

by:arnold
ID: 39231070
You can use a login script.
Check whether the directory already exists.
If it does not mkdir homedir driveletter:\scans
Etc.
0
 

Author Comment

by:steveLaMi
ID: 39245464
Coralon,

The folder creation worked great.  Now I have a scanning account, example: Ricoh5000, that I want to have full access to that SCANS directory only.  Can that be automated as well?
0
 
LVL 23

Expert Comment

by:Coralon
ID: 39246182
Absolutely.  

The method just depends on how you created the folders in the first place.

If you did it manually (like the first example)
pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /t /g "domain\ricoh5000":f
popd

Open in new window


If you went for the automatic method, then you just use the example I posted above..
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /t /g "domain\ricoh5000":f 

Open in new window


The automatic would do well with an if statement now that I'm thinking about it even more.  
if exist "%homedrive%%homepath%\SCANS" (echo .) else (md "%homedrive%%homepath%\SCANS" && cacls "%homedrive%%homepath%\SCANS" /e /t /g "domain\ricoh5000":f )

Open in new window


Coralon
0
 

Author Comment

by:steveLaMi
ID: 39253891
When I type that in I get a More prompt.
Any ideas?

FYI my path is
\\cisvfs\home\%username%\scans
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 76

Expert Comment

by:arnold
ID: 39254842
%username% is a variable.

Where are you typeing this ?

A simple USER GPO with a login script that does
@echo off
mkdir %userprofile%\scans where presumably


should do the trick.
0
 
LVL 23

Expert Comment

by:Coralon
ID: 39254872
You don't want the user profile, you want the home directory.

If you are getting a more prompt, there is a typo in the command, because it is looking for another character (i.e. command terminator).

Coralon
0
 

Author Comment

by:steveLaMi
ID: 39266250
Thanks for getting back to me. The folder creation actually worked. All of my users have a SCANS folder in their home drives now.  However, the adding of PHILLYRICOH to the security access list for full permissions did not take.  Is there a way of just adding that to the existing scans folders?
0
 
LVL 76

Expert Comment

by:arnold
ID: 39266303
IMHO, changes to user level folders are best done through user level GPO login or logout script or both.
The folder in question is owned by the user. The user can use cacls to grant (/e ) edit the existing ACL to make sure.

The main issue I see is that the scans folder likely has granted rights to user PHILLYRICOH full rights within the folder, the problem is that the user PHILLYRICOH likely has no rights to pass %homedrive%%homepath%\

You need to add phillyricoh to the main share with traverse directory rights.
so phillyricoh can do
make sure the use phillyricoh has rights/security settings on the sharing permissions side.
0
 
LVL 23

Accepted Solution

by:
Coralon earned 500 total points
ID: 39266519
Using the initial code for a manual setup:

pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /g <domain>\phillyricoh:f /t
popd

Open in new window


Arnold:
I was referring to the automated script.  With the automated script, it is running from the user's security context, and they already own the directory and have full control.  With that, the 2nd piece of the script with cacls.exe is running in the user context, so they have %homedrive%%homepath%.

The manual script piece (that I have in this post) is for the admins.  

Coralon
0
 
LVL 76

Expert Comment

by:arnold
ID: 39266847
Check what effective rights this user has on the sharing security settings.  This is where the write rights might be missing.
Is the phillyricoh user unable to access the share?
Lets try this example.  You using cacls granted phillyricoh access to a subdirectory.
What is the effective permission for phillyricoh user on the %username% directory of any f your users?
Can it access traverse directory, read contents?
I.e. you give a person, phillyricoh, the master key for the entire third floor.  In the mornng you arrive to see phillyricoh standing at the front door.
You ask him what is going on? He tells you, he can not enter.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now