No announcement yet.

Script to add groups to folders

  • Filter
  • Time
  • Show
Clear All
new posts

  • Script to add groups to folders

    I'm trying create a script that will allow active directory groups to be added to folders at the time of creation of the folder. The groups that will be added have their own specific rights that need to be applied. Right now, I am having to create the folder separately, go in and add the groups, then go and change each individual rights within the groups (very time consuming). Any insight on a script that will ease the process would be appreciated.

  • #2
    Re: Script to add groups to folders

    You might want to look at CACLS.
    To see an example of it in use in a VBScript.

    Btw, you may find the scripting subforum more useful for you for these sorts of questions.
    I don't know anything about (you or your) computers.
    Research/test for yourself when listening to free advice.


    • #3
      Re: Script to add groups to folders

      Moved to Scripting as most relevant place
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: Script to add groups to folders

        Originally posted by Maebe View Post
        You might want to look at CACLS.
        The tool cacls.exe comes with Windows versions that support NTFS.
        Cacls.exe is a command line tool, but You can run it also from within a batch or vbscript ( ).
        There is only one problem that is when replacing security using cacls, it will wait for a confirmation by the user.
        To solve this - you could pipe the character "Y" to the command line.
        But there are problems with that too,
        1. piping "Y" is not always reliable,
        2. In other languages you cannot send an "Y" for yes.
        A workaround for the different languages on clients, you can copy one version of cacls.exe to a share, then in your scripts use a path to the central cacls file.

        To solve all prolems above you can use Xcacls.exe.
        Place the tool in a central share on the network.
        Xcacls does not come with the Windows installation, the tool is available as a free download from the miscrosoft site.

        Note, there are two versions of Xcacls,
        1. Xcacls.exe,
        2. Xcacls.vbs
        If you search for Xcacls (or even search Xcacls.exe) you probably end up downloading the vbs version.
        The vbs version is unsupported and it still has some bugs,
        despide it is a good tool - but not suitable for your case because the vbs version does not support unc paths.

        Download the installer for Xcacls.exe to folder c:\downloads
        - unpack the installation-file using this command-line:
        "C:\downloads\xcacls_setup.exe" /C /T:"c:\downloads\"
        - Then, unpack the MSI-file, using this tool:
        - Locate the Xcacle.exe file, and copy it to the scripts folder in logonshare on the network

        Xcacls does support the /Y switch to replace the ntfs, without waiting for conformation!
        ( c:\downloads\xcacs.exe /? )

        You can use xcacls to;
        - add users or groups,
        - modify security the existing users or groups
        - replace the existing security.

        You can create a logon batch or vbscript.
        - The scripts determine the name of the user and create, if not already exist, the homefolder in the share.
        - Then it use xcacls to set the permissions on the Homefolder.
        The user becomes the Owner of the homefolder.

        You did not give details about how/when you want to run this script (batch or vbscript? run at user logon?)
        and if you want to add the groups to the existing ntfs permissions or replace the security?


        This posting is provided "AS IS" with no warranties, and confers no rights.


        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts