Photo Gallery Member List Search Calendars FAQ Ticket List Log Out


Re: Set NTFS permissions

  		Logged in as: Guest
arrSession:exec spGetSession 2,2,2603
Active Users: There are 0 members and 0 guests.
Users viewing this topic: none
 

 

  
 
  Printable Version
All Forums >> [Scripting] >> WSH & Client Side VBScript >> Re: Set NTFS permissions
  Do you like VisualBasicScript.com? Link to us and help spread the word about our forum. Thanks! 		Page: <<   < prev  1 [2] 3   next >   >>
Login
Message << Older Topic   Newer Topic >>
Re: Set NTFS permissions - 4/7/2005 7:53:28 PM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline
quote:
Originally posted by token

Ok, I was wondering if the space in the group name (DOMAIN ADMINS and DOMAIN USERS) was the cause of the problem.




Hi Token, sorry my mistake. this is the code i have in my batch file

xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F "LONDON\DOMAIN ADMINS":F "LONDON\DOMAIN USERS":RCEW LONDON\HELPDESK:F /C /Y

What do i need to change \ add to get this to work with vbs?

Thanks to everyone for there help on this one.

(in reply to Sir Suckalot)
 
 
Post #: 21
 
Re: Set NTFS permissions - 4/8/2005 2:43:08 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		Replace:

xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F "LONDON\DOMAIN ADMINS":F "LONDON\DOMAIN USERS":RCEW LONDON\HELPDESK:F /C /Y

with:

shell.run("xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F ""LONDON\DOMAIN ADMINS"":F ""LONDON\DOMAIN USERS"":RCEW LONDON\HELPDESK:F /C /Y")

(in reply to Sir Suckalot)
 
 
Post #: 22
 
Re: Set NTFS permissions - 4/8/2005 3:19:36 AM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline 		Cheers Token that worked a treat.

My next issue, is there a way for the script to look at the permissions and if they are already there not apply them?

Thanks in advance

(in reply to Sir Suckalot)
 
 
Post #: 23
 
Re: Set NTFS permissions - 4/8/2005 5:39:27 AM   
  didorno

 

Posts: 361
Score: 0
Joined: 2/12/2005
From:
Status: offline 		Is there any difference between xcacls and cacls ?

(in reply to Sir Suckalot)
 
 
Post #: 24
 
Re: Set NTFS permissions - 4/8/2005 6:13:05 AM   
  mbouchard


Posts: 1804
Score: 12
Joined: 5/15/2003
From: USA
Status: online 		Cacls is an old dos command that has been around for quite sometime, while xcacls is relativly new, came with Win2000 resource kit if I remember correctly. And while they have the same base functionality, xcacls gives you more.

(in reply to Sir Suckalot)
 
 
Post #: 25
 
Re: Set NTFS permissions - 4/8/2005 7:04:41 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		cjwallace, No problem. Yes there is, but it's abit complicated I don't think it's worth the trouble. When you actually have codes to check the permission to see if they exist, you could just actually write the same permission. Why bother with the checking process ?

didorno, xcacls and cacls differ in that xcacls has a x in front of it =)

xcacls is vbs based that allows you to modify the ace in a more granular way than cacls provides.

(in reply to Sir Suckalot)
 
 
Post #: 26
 
Re: Set NTFS permissions - 4/9/2005 3:42:14 AM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline
quote:
Originally posted by token

cjwallace, No problem. Yes there is, but it's abit complicated I don't think it's worth the trouble. When you actually have codes to check the permission to see if they exist, you could just actually write the same permission. Why bother with the checking process ?


Hi Token. Thanks for the reply. What i want to do with the above script is put it in our login script to change the permissions on the users roaming profile. but i dont want it to run each time the user logs in and only run if the permissions above are not present.

Do you know how i may achive it? or point me in the right direction?

Many thanks

(in reply to Sir Suckalot)
 
 
Post #: 27
 
Re: Set NTFS permissions - 4/9/2005 5:41:34 AM   
  didorno

 

Posts: 361
Score: 0
Joined: 2/12/2005
From:
Status: offline 		I ask this because I normaly use cacls after
making images with Drive Image 2002.
Standard I get no access to the resulting pqi files.

With your answers in mind I will take a look
to the additional possibilities of Xcacls.

Thank you, mbouchard and token !

(in reply to Sir Suckalot)
 
 
Post #: 28
 
Re: Set NTFS permissions - 4/9/2005 9:03:17 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		cjwallace, perhaps you didn't get what I was saying.

Let me try it again. You said "I dont want it to run each time the user logs in and only run if the permissions above are not present." If you do that, you will first check to see what the permissions are, list ALL of them, and compare them based on a condition. Based on your previous request, you will need to have at least two conditions to check for Administrators and Domain Admins. If they failed (meaning if there are OTHER users that belong to that group, say three other users), you will delete those three users. Or you can just add Administrators and Domain Admins back (which are just two users) and overwrite the existing ACL.

Now, lets do some analysis here. If the above conditions holds true, you will need to perform AT LEAST two iterations (for checking Administrators and Domain Admins) plus the one iteration of OVERWRITING the ACL (more if you want to modify existing instead of overwrittin the exsiting ACL). That is three iterations (or 3 things in general) that the scripts need to do.

If you just overwrite the ACL like you did before, that is only ONE thing the scsript needs to do. It has two benefits. First of which is it is more efficient (I believe that's what you want) and secondly, it does the exactly what you want to do.

My question is then, why bother with the less efficient method when both achieves the same result desired ?

Again, the general idea is this. If you want to determine whether "something" EXIST or not and if not, ADD those "something". Why don't you just go ahead and ADD them anyway ? If they are there, then you don't need to ADD those something, but you still spent time on CHECKING the existence of those something when the time you spent could be easily use to ADD them instead.

(in reply to Sir Suckalot)
 
 
Post #: 29
 
Re: Set NTFS permissions - 4/10/2005 12:42:53 AM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline 		Hi Token.I am still not sure what it is i need to do.

Are you saying i need to use an IF Exist command?

Im really sorry but i just cant work this one out, as i have said before i am new to vb script

(in reply to Sir Suckalot)
 
 
Post #: 30
 
Re: Set NTFS permissions - 4/11/2005 12:04:53 AM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline 		Hi guys, another fix to my problem might be stopping the dos box from opening and displaying all the files it is changing the permissions for

How can i stop the command window from opening?

Below is my code

shell.run("xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F ""LONDON\DOMAIN ADMINS"":F ""LONDON\DOMAIN USERS"":RCEW LONDON\HELPDESK:F /C /Y")

Thanks in advance

(in reply to Sir Suckalot)
 
 
Post #: 31
 
Re: Set NTFS permissions - 4/11/2005 1:53:22 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		Replace:

shell.run("xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F ""LONDON\DOMAIN ADMINS"":F ""LONDON\DOMAIN USERS"":RCEW LONDON\HELPDESK:F /C /Y")

with:

shell.run "xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F ""LONDON\DOMAIN ADMINS"":F ""LONDON\DOMAIN USERS"":RCEW LONDON\HELPDESK:F /C /Y",0

Zero (0) at the end will hide the DOS window.

(in reply to Sir Suckalot)
 
 
Post #: 32
 
Re: Set NTFS permissions - 4/11/2005 2:13:47 AM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline
quote:
Originally posted by token

Replace:

shell.run("xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F ""LONDON\DOMAIN ADMINS"":F ""LONDON\DOMAIN USERS"":RCEW LONDON\HELPDESK:F /C /Y")

with:

shell.run "xcacls h:\Profile /t /e /G LONDON\ADMINISTRATOR:F ""LONDON\DOMAIN ADMINS"":F ""LONDON\DOMAIN USERS"":RCEW LONDON\HELPDESK:F /C /Y",0

Zero (0) at the end will hide the DOS window.



Thanks Token, as ever you have given me the solution the problem..Thank you that works a treat.

My next issue is. We are moving our profile to a new server etc.

At the moment the user can see his or her profile but shortly we are moving them to \\server\profile$\%username%

Now with my script above would i just have to change xcacls h:\Profile to xcacls \\server\profile$\%username%

Many thanks Token for your time

Cheers

(in reply to Sir Suckalot)
 
 
Post #: 33
 
Re: Set NTFS permissions - 4/11/2005 2:30:41 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		If you intend to run that from a logon script, all you have to do is change %USERNAME% to reflect the actual user logon name. This can be easily achieved using the NETWORK object.

network = CreateObject("WScript.Network")
username = network.UserName

then the line would become:

shell.run "xcacls \\server\profile$\" & username & " /t /e /G LONDON\ADMINISTRATOR:F ""LONDON\DOMAIN ADMINS"":F ""LONDON\DOMAIN USERS"":RCEW LONDON\HELPDESK:F /C /Y",0

(in reply to Sir Suckalot)
 
 
Post #: 34
 
Re: Set NTFS permissions - 4/11/2005 2:58:39 AM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline 		Hi Token. Do you know if what you said will work on windows 2000.

I have tried what you said in our login script but it is not changing the permissions

Below is my login script. Look under Domain Users for the code you said to try

-----------------------------------------

On Error Resume Next
Dim WshNetwork, asdPath, User
Dim strMappedDrives, strStatus
Dim IE
Dim objFSO

set shell = createobject("wscript.shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

rem Const ADS_READONLY_SERVER = 5

' Display IE status window

Call CreateIE()
strStatus = "Please call x6440 with any Login issues " & Date()
ie.document.all.wstatus.InnerText = strMsg3

' Get the User ID

Set WSHNetwork = WScript.CreateObject("WScript.Network")
strUser = ""
While strUser = ""
strUser = WSHNetwork.UserName
Wend

ie.document.all.Msg1.InnerText = strUser

call main()

strStatus = strStatus & vbCRLF & "Withers LLP London Network Logon Complete..."
ie.document.all.wstatus.InnerText = strStatus


' Close IE status window

If not ie.document.all.holdit.checked then
ie.quit()
End if

' End of logon script

Public Sub Main()

'Main loop to detect group that user belongs to

Set objUser = GetObject("WinNT://WITHERS/" & strUser & ",user")
Set dso = GetObject("WinNT:")
For Each Prop In objUser.groups
rem Msgbox Prop.Name

if Prop.Name = "LN Photos" then
Call LNPhotos()
end if

if Prop.Name = "LN DigitalPhotos" then
Call LNDigitalPhotos()
end if

if Prop.Name = "LN Helpdesk" then
Call Helpdesk()
end if

if Prop.Name = "LN Systems" then
Call LondonSystems()
end if

if Prop.Name = "Domain Users" then
Call DomainUsers()
end If

'etc

Next 'Prop

End Sub

Sub LNPhotos()

strStatus = strStatus & vbCRLF & "Member of Marketing Digital Photos..."
ie.document.all.wstatus.InnerText = strStatus

MapDrive "P:", "\\hebe\digitalphotos"

End Sub

Sub LNDigitalPhotos()

strStatus = strStatus & vbCRLF & "Member of JDM Digital Photos..."
ie.document.all.wstatus.InnerText = strStatus

MapDrive "P:", "\\hebe\digitalphotos"

End Sub

Sub LNHelpdesk()

strStatus = strStatus & vbCRLF & "Member of London Helpdesk..."
ie.document.all.wstatus.InnerText = strStatus

MapDrive "I:", "\\Hyperion\itstuff"
MapDrive "Y:", "\\LNFS01\home$"
MapDrive "Z:", "\\LNFS01\Profile$"

End Sub

Sub LNSystems()

strStatus = strStatus & vbCRLF & "Member of London Systems Team..."
ie.document.all.wstatus.InnerText = strStatus

MapDrive "I:", "\\Hyperion\itstuff"
MapDrive "Y:", "\\LNFS01\home$"
MapDrive "Z:", "\\LNFS01\profile$"


End Sub

Sub DomainUsers()

strStatus = strStatus & vbCRLF & "Member of London Domain Users..."
ie.document.all.wstatus.InnerText = strStatus

shell.run ("net time \\LNDC02 /set /yes")

MapDrive "S:", "\\poseidon\data"
MapDrive "V:", "\\poseidon\apps"

shell.run ("net use \\atlas\crispdata")

network = CreateObject("WScript.Network")
username = network.UserName
shell.run "xcacls \\LNFS01\profile$\" & username & " /t /e /G WITHERS\ADMINISTRATOR:F ""WITHERS\DOMAIN ADMINS"":F ""WITHERS\LN HELPDESK:F"" /C /Y",0

End Sub

Sub CreateIE()

On Error Resume Next
Set IE = CreateObject("InternetExplorer.Application")
With IE
.navigate "\\Lndc01\SYSVOL\withers.net\scripts\LN\logon.htm"
.resizable=0
.height=470
.width=350
.menubar=0
.toolbar=0
.statusBar=0
.visible=1
End With

SecondsToDelay = "2"
Wscript.Sleep(SecondsToDelay * 2000)

End Sub

Sub MapDrive(strDrive,strShare)

On Error Resume Next
WSHNetwork.MapNetworkDrive strDrive, strShare

If Err.Number Then

WSHNetwork.RemoveNetworkDrive strDrive
WSHNetwork.MapNetworkDrive strDrive, strShare

End If

strMappedDrives = strMappedDrives & strDrive & " "
ie.document.all.Msg2.InnerText = strMappedDrives

End Sub

(in reply to Sir Suckalot)
 
 
Post #: 35
 
Re: Set NTFS permissions - 4/11/2005 7:18:45 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		You might have to speecify the absolute path for the xcacls.vbs and cscrit.exe

shell.run "cmd /c c:\windows\system32\cscript \\LNFS01\share\xcacls.vbs \\LNFS01\profile$\" & username & " /t /e /G WITHERS\ADMINISTRATOR:F ""WITHERS\DOMAIN ADMINS"":F ""WITHERS\LN HELPDESK:F"" /C /Y",0

(in reply to Sir Suckalot)
 
 
Post #: 36
 
Re: Set NTFS permissions - 4/11/2005 7:54:44 AM   
  cjwallace

 

Posts: 484
Score: 0
Joined: 3/5/2005
From: United Kingdom
Status: offline 		Thanks Token. i will give it a go first thing tomorrow

Cheers for your help

(in reply to Sir Suckalot)
 
 
Post #: 37
 
Re: Set NTFS permissions - 4/11/2005 8:18:51 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		Again, you're welcome =)

(in reply to Sir Suckalot)
 
 
Post #: 38
 
Re: Set NTFS permissions - 4/13/2005 12:22:41 AM   
  Sir Suckalot

 

Posts: 25
Score: 0
Joined: 3/14/2005
From: Canada
Status: offline 		Back from my travels...

With the () after shell.run, my script works great. If I remove them, no error but permissions are not changed...

Set shell = CreateObject("WScript.Shell")
shell.run("xcacls.vbs \\monnt2\users\" &Username& " /I REMOVE /T /G CA\" &Username& ":F /Q")

I'll never say it enough, thanks to Token and all those who help the newbies like me work through vbscript.

(in reply to Sir Suckalot)
 
 
Post #: 39
 
Re: Set NTFS permissions - 4/13/2005 7:17:05 AM   
  token

 

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline 		uhh.. I can't be sure what exactly was your problem ;P

Replace:

shell.run("xcacls.vbs \\monnt2\users\" &Username& " /I REMOVE /T /G CA\" &Username& ":F /Q")

with:

shell.run "cmd /c c:\windows\system32\cscript.exe xcacls.vbs \\monnt2\users\" & Username & " /I REMOVE /T /G CA\" & Username & ":F /Q", 0

Does that help ?

(in reply to Sir Suckalot)
 
 
Post #: 40
 
 
Page:  <<   < prev  1 [2] 3   next >   >>
 
 

If you found our site useful please link to us <a href="http://www.visualbasicscript.com">VisualBasicScript.com</a>.
All Forums >> [Scripting] >> WSH & Client Side VBScript >> Re: Set NTFS permissions Page: <<   < prev  1 [2] 3   next >   >>
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.5.5 ANSI