Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Auto create sub folder in all users home drives

Posted on 2013-06-07
12
Medium Priority
?
449 Views
Last Modified: 2013-06-21
I need to create a folder called SCANS in all of our users home drives.
Is there a way to auto create these folders with the desired permissions?
0
Comment
Question by:steveLaMi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +1
12 Comments
 
LVL 58

Expert Comment

by:Bill Prew
ID: 39230917
Where are the "home drives" located?

What permissions?

~bp
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39230977
There are a *ton* of ways to do it.

1. As a one-time shot, you can do this by command line easily enough.  Assuming that the home directories are in \\server\share\<username>

pushd \\server\share
for /d %f in (*) do md "%f\SCANS"
popd

Open in new window


2. if you want an automated process, then you can create it by GPP, or by a login script.  The login script would be:
md "%homedrive%%homepath%\SCANS"

Open in new window


In these cases, the permissions will inherit.  It's easy enough to add a cacls.exe command in either of these after the folder is created.

1. This would change to:
pushd \\server\share
for /d %f in (*) do md "%f\SCANS" && cacls "%f\SCANS" /e /g useraccount:f /r useraccount2
popd

Open in new window


2. would change to
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /g useraccount:f /r useraccount2

Open in new window


CACLS has multiple options, and I put a couple there.
/e (edit permissions instead of overwrite them)
/r (remove permissions for the specified group, put " marks if you have spaces, like "domain users"
/g (grant permission to a user/group).
/t (process subdirectories also)

So, as a full example:
cacls "%homedrive%%homepath%\SCANS" /e /t /r "users" /g "authenticated users":c "creator owner":f

Open in new window

this command would take the newly created scans directory, edit the permissions on the folder and subfolders, would remove the normal Users group permission, would give the Authenticated Users group Change access (modify), and would give the Creator Owner full control.

Coralon
0
 
LVL 80

Expert Comment

by:arnold
ID: 39231070
You can use a login script.
Check whether the directory already exists.
If it does not mkdir homedir driveletter:\scans
Etc.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:steveLaMi
ID: 39245464
Coralon,

The folder creation worked great.  Now I have a scanning account, example: Ricoh5000, that I want to have full access to that SCANS directory only.  Can that be automated as well?
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39246182
Absolutely.  

The method just depends on how you created the folders in the first place.

If you did it manually (like the first example)
pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /t /g "domain\ricoh5000":f
popd

Open in new window


If you went for the automatic method, then you just use the example I posted above..
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /t /g "domain\ricoh5000":f 

Open in new window


The automatic would do well with an if statement now that I'm thinking about it even more.  
if exist "%homedrive%%homepath%\SCANS" (echo .) else (md "%homedrive%%homepath%\SCANS" && cacls "%homedrive%%homepath%\SCANS" /e /t /g "domain\ricoh5000":f )

Open in new window


Coralon
0
 

Author Comment

by:steveLaMi
ID: 39253891
When I type that in I get a More prompt.
Any ideas?

FYI my path is
\\cisvfs\home\%username%\scans
0
 
LVL 80

Expert Comment

by:arnold
ID: 39254842
%username% is a variable.

Where are you typeing this ?

A simple USER GPO with a login script that does
@echo off
mkdir %userprofile%\scans where presumably


should do the trick.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39254872
You don't want the user profile, you want the home directory.

If you are getting a more prompt, there is a typo in the command, because it is looking for another character (i.e. command terminator).

Coralon
0
 

Author Comment

by:steveLaMi
ID: 39266250
Thanks for getting back to me. The folder creation actually worked. All of my users have a SCANS folder in their home drives now.  However, the adding of PHILLYRICOH to the security access list for full permissions did not take.  Is there a way of just adding that to the existing scans folders?
0
 
LVL 80

Expert Comment

by:arnold
ID: 39266303
IMHO, changes to user level folders are best done through user level GPO login or logout script or both.
The folder in question is owned by the user. The user can use cacls to grant (/e ) edit the existing ACL to make sure.

The main issue I see is that the scans folder likely has granted rights to user PHILLYRICOH full rights within the folder, the problem is that the user PHILLYRICOH likely has no rights to pass %homedrive%%homepath%\

You need to add phillyricoh to the main share with traverse directory rights.
so phillyricoh can do
make sure the use phillyricoh has rights/security settings on the sharing permissions side.
0
 
LVL 25

Accepted Solution

by:
Coralon earned 2000 total points
ID: 39266519
Using the initial code for a manual setup:

pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /g <domain>\phillyricoh:f /t
popd

Open in new window


Arnold:
I was referring to the automated script.  With the automated script, it is running from the user's security context, and they already own the directory and have full control.  With that, the 2nd piece of the script with cacls.exe is running in the user context, so they have %homedrive%%homepath%.

The manual script piece (that I have in this post) is for the admins.  

Coralon
0
 
LVL 80

Expert Comment

by:arnold
ID: 39266847
Check what effective rights this user has on the sharing security settings.  This is where the write rights might be missing.
Is the phillyricoh user unable to access the share?
Lets try this example.  You using cacls granted phillyricoh access to a subdirectory.
What is the effective permission for phillyricoh user on the %username% directory of any f your users?
Can it access traverse directory, read contents?
I.e. you give a person, phillyricoh, the master key for the entire third floor.  In the mornng you arrive to see phillyricoh standing at the front door.
You ask him what is going on? He tells you, he can not enter.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question