Solved

Auto create sub folder in all users home drives

Posted on 2013-06-07
12
445 Views
Last Modified: 2013-06-21
I need to create a folder called SCANS in all of our users home drives.
Is there a way to auto create these folders with the desired permissions?
0
Comment
Question by:steveLaMi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +1
12 Comments
 
LVL 55

Expert Comment

by:Bill Prew
ID: 39230917
Where are the "home drives" located?

What permissions?

~bp
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39230977
There are a *ton* of ways to do it.

1. As a one-time shot, you can do this by command line easily enough.  Assuming that the home directories are in \\server\share\<username>

pushd \\server\share
for /d %f in (*) do md "%f\SCANS"
popd

Open in new window


2. if you want an automated process, then you can create it by GPP, or by a login script.  The login script would be:
md "%homedrive%%homepath%\SCANS"

Open in new window


In these cases, the permissions will inherit.  It's easy enough to add a cacls.exe command in either of these after the folder is created.

1. This would change to:
pushd \\server\share
for /d %f in (*) do md "%f\SCANS" && cacls "%f\SCANS" /e /g useraccount:f /r useraccount2
popd

Open in new window


2. would change to
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /g useraccount:f /r useraccount2

Open in new window


CACLS has multiple options, and I put a couple there.
/e (edit permissions instead of overwrite them)
/r (remove permissions for the specified group, put " marks if you have spaces, like "domain users"
/g (grant permission to a user/group).
/t (process subdirectories also)

So, as a full example:
cacls "%homedrive%%homepath%\SCANS" /e /t /r "users" /g "authenticated users":c "creator owner":f

Open in new window

this command would take the newly created scans directory, edit the permissions on the folder and subfolders, would remove the normal Users group permission, would give the Authenticated Users group Change access (modify), and would give the Creator Owner full control.

Coralon
0
 
LVL 78

Expert Comment

by:arnold
ID: 39231070
You can use a login script.
Check whether the directory already exists.
If it does not mkdir homedir driveletter:\scans
Etc.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:steveLaMi
ID: 39245464
Coralon,

The folder creation worked great.  Now I have a scanning account, example: Ricoh5000, that I want to have full access to that SCANS directory only.  Can that be automated as well?
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39246182
Absolutely.  

The method just depends on how you created the folders in the first place.

If you did it manually (like the first example)
pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /t /g "domain\ricoh5000":f
popd

Open in new window


If you went for the automatic method, then you just use the example I posted above..
md "%homedrive%%homepath%\SCANS" && "%f\SCANS" /e /t /g "domain\ricoh5000":f 

Open in new window


The automatic would do well with an if statement now that I'm thinking about it even more.  
if exist "%homedrive%%homepath%\SCANS" (echo .) else (md "%homedrive%%homepath%\SCANS" && cacls "%homedrive%%homepath%\SCANS" /e /t /g "domain\ricoh5000":f )

Open in new window


Coralon
0
 

Author Comment

by:steveLaMi
ID: 39253891
When I type that in I get a More prompt.
Any ideas?

FYI my path is
\\cisvfs\home\%username%\scans
0
 
LVL 78

Expert Comment

by:arnold
ID: 39254842
%username% is a variable.

Where are you typeing this ?

A simple USER GPO with a login script that does
@echo off
mkdir %userprofile%\scans where presumably


should do the trick.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39254872
You don't want the user profile, you want the home directory.

If you are getting a more prompt, there is a typo in the command, because it is looking for another character (i.e. command terminator).

Coralon
0
 

Author Comment

by:steveLaMi
ID: 39266250
Thanks for getting back to me. The folder creation actually worked. All of my users have a SCANS folder in their home drives now.  However, the adding of PHILLYRICOH to the security access list for full permissions did not take.  Is there a way of just adding that to the existing scans folders?
0
 
LVL 78

Expert Comment

by:arnold
ID: 39266303
IMHO, changes to user level folders are best done through user level GPO login or logout script or both.
The folder in question is owned by the user. The user can use cacls to grant (/e ) edit the existing ACL to make sure.

The main issue I see is that the scans folder likely has granted rights to user PHILLYRICOH full rights within the folder, the problem is that the user PHILLYRICOH likely has no rights to pass %homedrive%%homepath%\

You need to add phillyricoh to the main share with traverse directory rights.
so phillyricoh can do
make sure the use phillyricoh has rights/security settings on the sharing permissions side.
0
 
LVL 25

Accepted Solution

by:
Coralon earned 500 total points
ID: 39266519
Using the initial code for a manual setup:

pushd \\server\share
for /d %f in (*) do cacls "%f\SCANS" /e /g <domain>\phillyricoh:f /t
popd

Open in new window


Arnold:
I was referring to the automated script.  With the automated script, it is running from the user's security context, and they already own the directory and have full control.  With that, the 2nd piece of the script with cacls.exe is running in the user context, so they have %homedrive%%homepath%.

The manual script piece (that I have in this post) is for the admins.  

Coralon
0
 
LVL 78

Expert Comment

by:arnold
ID: 39266847
Check what effective rights this user has on the sharing security settings.  This is where the write rights might be missing.
Is the phillyricoh user unable to access the share?
Lets try this example.  You using cacls granted phillyricoh access to a subdirectory.
What is the effective permission for phillyricoh user on the %username% directory of any f your users?
Can it access traverse directory, read contents?
I.e. you give a person, phillyricoh, the master key for the entire third floor.  In the mornng you arrive to see phillyricoh standing at the front door.
You ask him what is going on? He tells you, he can not enter.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question