Question

Locked

VBScript that will automatically set permissions on users profiles

By mail.aaron.kirk ·
Hello,

I am trying to write a VBScript that will automatically set permissions on users profiles.
eg. Set the Security, Owner and Inheritance for a users home folder.

Is there a command line tool available that sets the "Inherit from parent the permission entries that apply to child objects. Include these entries explicitly defined here" and "Replace permission entries on all child objects with entries shown here that apply to child objects" check boxes on the Permissions tab when right clicking a folder, selecting Properties, Security, Advanced?

I have been able to set the security and owner attributes on the command line using cacls and subinacl for a user(see below), however I haven't been successful in finding a command line tool that sets the options above.

--------------
cacls \\Folder\UserHomeFolders\john.smith /e /r john.smith
cacls \\Folder\UserHomeFolders\john.smith /t /e /g domain\john.smith:C
subinacl /subdirectories \\Folder\UserHomeFolders\john.smith*.* /setowner=Administrators
--------------


Any thoughts/suggestions you may have to assist with this would be greatly appreciated. Thank you.
Kind Regards,

Aaron.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

This should help

by Jacky Howe In reply to VBScript that will automa ...

and plenty of help here.

http://www.computerperformance.co.uk/Logon/VBScript/

' CaclsExcel.vbs
' Example VBScript to set Cacls
' Version 2.4 - September 2005
' ---------------------------------------------------------'
Option Explicit
Dim intRow, objExcel, objSheet, strPathExcel
Dim strHomeFolder, strHome, strUser
Dim strProf,strProFolder
Dim objFSO, objShell, intRunError

' Note you will have to amend the following variables
strHome = "\\fs2003\users\"
strProf = "\\fs2003\profiles$\"
strPathExcel = "E:\Scripts\guyUsers.xls"
intRow = 3 ' Row 1 contains headings

' Open the Excel spreadsheet
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objExcel = CreateObject("Excel.Application")
Set objSheet = objExcel.Workbooks.Open(strPathExcel)

' Create a shell for cmd and CACLS
Set objShell = CreateObject("Wscript.Shell")

' Here is the loop that cycles through the cells
Do Until (objExcel.Cells(intRow,1).Value) = ""
strUser = objExcel.Cells(intRow, 1).Value
call HomeDir ' I decided to use a subroutine
call ProfDir ' Create Profile Folder
intRow = intRow + 1
Loop
objExcel.Quit ' Clears up Excel


Sub HomeDir()
strHomeFolder = strHome & strUser
If strHomeFolder <> "" Then
If Not objFSO.FolderExists(strHomeFolder) Then
On Error Resume Next
objFSO.CreateFolder strHomeFolder
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Cannot create: " & strHomeFolder
End If
On Error GoTo 0
End If
If objFSO.FolderExists(strHomeFolder) Then
' Assign user permission to home folder.
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls "_
& strHomeFolder & " /t /c /g Administrators:f Staff:f "_
& strUser & ":F", 2, True)
If intRunError <> 0 Then
Wscript.Echo "Error assigning permissions for user " _
& strUser & " to home folder " & strHomeFolder
End If
End If
End If
End Sub
objExcel.Quit

Sub ProfDir()
strProFolder = strProf & strUser
If strProFolder <> "" Then
If Not objFSO.FolderExists(strProFolder) Then
On Error Resume Next
objFSO.CreateFolder strProFolder
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Cannot create: " & strProFolder
End If
End If
If objFSO.FolderExists(strProFolder) Then
' Assign user permission to home folder.
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls "_
& strProFolder & " /t /c /g Administrators:f "_
& strUser & ":F", 2, True)
If intRunError <> 0 Then
Wscript.Echo "Error assigning permissions for user " _
& strUser & " to profile folder " & strProFolder
End If
End If
End If
End Sub
objExcel.Quit

Collapse -

VBScript that will automatically set permissions on users profiles

by mail.aaron.kirk In reply to This should help

True Blue,

Thank you for your excellent prompt response. That is exactly the type of script of was working towards with a few differences.

I have found that when checking the Permissions tab I find many users have <not inherited> displayed in the "inherited from" section. Which one of these switches is actually fixing that instead of manually checking the inheritance boxes?

Collapse -

Cacls :) <NT>

by Jacky Howe In reply to VBScript that will automa ...
Collapse -

cacls

by mail.aaron.kirk In reply to Cacls :) <NT>

Ok great,
I will do more testing on the command line to get this working first before I put it in code and post it because at present the inheritance isn't being "reflowed".

Regards,

Aaron.

Collapse -

What

by Jacky Howe In reply to cacls

it is doing is setting permissions on the Folders. Administrators Full Control, Users Full Control over their Home Folders. Don't worry about the inheritance.

The idea with the profile folder is to have it hidden with Administrators Full Control, Users Full Control over their Profile Folders.

The whole idea of giving users a Home Directory is a base to store their belongings.

Collapse -

Try using SETACL

by neilb@uk In reply to VBScript that will automa ...

I use that a lot both from the command line and run from within vbscript.

http://setacl.sourceforge.net/

Collapse -

Unfortunately

by mail.aaron.kirk In reply to Try using SETACL

Neil setacl is not an option for the environment I'm working in.

True Blue,

I have tried doing some more tests with setting the owner using subinacl and this was working on friday. I now however am not getting any errors but it is not throwing an error and is keeping the original owner.

Any ideas?

Regards,

Aaron.

Collapse -

You

by Jacky Howe In reply to Unfortunately

had better explain in a bit more detail. What exactly do you mean "keeping the original owner". Are you trying to change ownership?

I personaly feel that users shouldn't be allowed to browse their Profile Directory. So long as the User and the Administrator have Full Control it should be sweet.

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums