Setting NTFS folder permissions using a script

I need a script or method to provide modify permissions to the local NT USERS group for a folder called: c:\program files\test.  Any assistance is greatly appreciated!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

For these situations, I just use the cacls (or in newer Windows, icacls) as an executed command
Here are some examples to help you a bit:
dgore1Author Commented:
I should have also indicated the following:

We are in a Server 2008 R2 64bit world with Windows 7 enterprise clients throughout...about 14K clients....Not only do we wish to change that permission, but use the script via SCCM to do all 14K workstations.....not sure if the commands above will work in SCCM where we know VBSCRIPT does...
It will work, since it's still a Vbscript, calling an INTERNAL Windows command (cacls works from aby plain installed Win7)
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

dgore1Author Commented:
I'll give it a try today!
dgore1Author Commented:
Aren't you supposed to use iCalcs with Windows 7.
dgore1Author Commented:
Just so you know, it failed on the Windows 7 workstations using calcs.
On Win7 you should be able to use both. However, I'm pretty sure it's not the cacls or the icacls problem.
If you just execute the vbscript as an admin on a random workstation, read the error from the screen. It's probably some a syntax error from the commands you typed in, not a vbscript or cacls/icacls error.
dgore1Author Commented:
Ok...I have a solution that uses VBscript and XCALCS that is modified to work with Windows 7.  To modify XCALCLS is included in the comments.

TESTPrep - test
' This script:
'      Creates the TEST folder under Program Files if it doesn't exist.
'      Resets the permissions to Administrators, System, Domain Users - Full Control. Users - Read & Xecute
'      Creates the registry key depending on if system is 64-bit or 32-bit.

' Note on XCALCS
'      XCALCs was modified for Windows 7. If you are running a different version you need to modify it to work with Windows 7
'   open XCALCS.VBS in Notepad
'   search for Function IsOSSupported()
'   change this line:
'         Case "5.0", "5.1", "5.2"
'       to:
'       Case "5.0", "5.1", "5.2", "6.1"
'   save.

on error resume next

'Script needs to run elevated or it will fail to create the folder.
If WScript.Arguments.Named.Exists("elevated") = False Then
      'Launch the script again as administrator
      CreateObject("Shell.Application").ShellExecute "wscript.exe", """" & WScript.ScriptFullName & """ /elevated", "", "runas", 1
      'Change the working directory from the system32 folder back to the script's folder.
      Set oShell = CreateObject("WScript.Shell")
      oShell.CurrentDirectory = CreateObject("Scripting.FileSystemObject").GetParentFolderName(WScript.ScriptFullName)
End If

'Constant for the Registry

'This will hold the templates that we will create
Dim strDirectory:      strDirectory = "\\~\#\TEST"
Dim MyReg:                  MyReg = "SOFTWARE\~JavaSoft\Prefs\net\diversecomputing\TEST"

Dim objNetwork:            Set objNetwork = CreateObject("Wscript.Network")
Dim objShell:             Set objShell = WScript.CreateObject("WScript.Shell")

Dim strComputerName                                                                              'This holds the name of the computer you are running the script against.
Dim AppTitle:            AppTitle = "Remote TEST Prep" & Space(50) & "v1.0"      'Title of the application

'Prompt user for the computer name
strComputerName = InputBox("This script will:" & vbNewLine & vbTab & "*Create the TEST folder if it doesn't exist." & vbNewLine & vbTab & "*Add the required permissions to the folder." & vbNewLine & vbTab & "*Add the TEST Registry key." & string(2, vbNewLine) & "Enter the name of the computer:",AppTitle,objNetwork.ComputerName)
If strComputerName = "" Then Wscript.quit 0

'Attempt to ping the PC to see if it is reachable.
Dim objWMIService:      Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colPings = objWMIService.ExecQuery("Select * From Win32_PingStatus where Address = " & "'" & strComputerName & "'")
For Each objStatus in colPings
    If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then
            objShell.Popup strComputerName & " appears to be offline or is unreachable." & String(2,vbNewLine) & "Verify the name and try again." & vbNewLine & "Script exiting.",10,AppTitle,&h0+&h10
            Wscript.Quit 1
    End If
Set colPings = Nothing
Set objWMIService = Nothing

'Build the path to the TEST folder on the PC.
strDirectory = Replace(strDirectory, "~", strComputerName)
strDirectory = Replace(strDirectory, "#", ProgFileFolder(strComputerName))
strDirectory = Replace(strDirectory, ":", "$")

'Create the TEST folder and add the permissions
CreateTESTFolder strDirectory

'Create the entry in the registry
CreateMyReg strComputerName

'Allow time for XCACLS to complete it's task.
'Wscript.Sleep 5000
objShell.Popup strComputerName & " completed." & vbNewLine & "Script exiting.",10,"Remote TEST Prep" & Space(10) & "v1.0",0+64

Sub CreateMyReg(RemoteComputer)
      'Set the registry key/value
      '64-bit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Prefs\net\diversecomputing\TEST]
      '32-bit HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs\net\diversecomputing\TEST]
      '"eahome"="/C:///Program /Files//e/Agent"
      Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & RemoteComputer & "\root\default:StdRegProv")

      'Check if the computer you are modifying is 64-bit
      If is64(strComputerName) = True Then
            'It is 64-bit. Set the correct key.
            MyReg = Replace(MyReg, "~", "Wow6432Node\")
            'It is 32-bit. Set the correct key.
            MyReg = Replace(MyReg,"~","")
      End If
      strKeyPath = MyReg
      'Create the key
      oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
      'Create the value
      strValueName = "eahome"
      strValue = "/C:///Program /Files//e/Agent"
      oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

End Sub

Sub CreateTESTFolder(strDir)
      'Create the folder on the PC if it doesn't exist.
      Dim objFSORemote:      Set objFSORemote = WScript.CreateObject("Scripting.FileSystemObject")
      If objFSORemote.FolderExists(strDirectory) = False Then
            If Right(strDirectory, 1) <> "\" Then strDirectory = strDirectory & "\"
            if Err.Number <> 0 Then
                  MsgBox err.number & "-" & err.description
            End If
      End If
      'Replace permissions on this folder.
      'Administrator                               - Full Control
      'System                                     - Full Control
      'User                                          - Read & Execute
      'TESTDOMAIN\Domain Users       - Full Control
      strCommand = "cscript xcacls.vbs " & Chr(34) & strDirectory & Chr(34) & " /P Administrators:F /P System:F /G " & Chr(34) & "TESTDOMAIN\Domain Users" & Chr(34) & ":F /P Users:X /Q"
      intReturn =, 0, True)
End Sub

Function ProgFileFolder(RemoteComputer)
      'Return location of Program Files folder on remote workstation
      'Normally we don't need to worry about this since PF will be under C:\
      Set objReg = GetObject("winmgmts:\\" & RemoteComputer & "\root\default:StdRegProv")

      strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion"
      ValueName = "ProgramFilesDir"
      objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue

      ProgFileFolder = strValue
End Function

Function is64(RemoteComputer)
      'To check whether the OS is 32 bit or 64 bit of Windows 7
      Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & RemoteComputer & "\root\default:StdRegProv")
      strKeyPath = "HARDWARE\DESCRIPTION\System\CentralProcessor\0"
      strValueName = "Identifier"
      oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
      is64 = (instr(strValue,"64") > 0)
End Function

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dgore1Author Commented:
The comment included the actual script to perform the desired request.  The first comment at least pointed me in the right direction.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.