Announcement

Collapse
No announcement yet.

Add User Folder Script

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Add User Folder Script

    Hi all and Happy New Year.

    I've searched around and Googled, but can't seem to find a script that will:

    1. Create a new folder for each user based on user name, but not shared out.
    2 . Assign NTFS permissions for the local Administrators Group, Creator, System, and user
    3. Remove Any other groups or users from the folder, ie Everyone or Domain Users
    4 . Remove the "Allow Inheritable....." option

    I found a script that creates and shares the folder, but don't need the sharing part (already taken care of at a higher level). The NTFS permissions are the important part.

    Thanks!!

  • #2
    Re: Add User Folder Script

    I don't see how this is related to Active Directory? Should this not be in Scripting? Post flagged.

    Rather than reusing someone elses script, create your own batch file. The first step is easy - use the %username% variable as the arguement for mkdir. One folder named after your username.

    The second part requires you to use lcacls if you're using Windows Vista... if you're not, then maybe you need to tell us that?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Add User Folder Script

      Sorry for posting in the wrong section. Just figured it was AD related, maybe a mod can move it to correct spot?

      We're not using Vista at all. Folders are to be created on a Win2K3 box that is being accessed by WinXP clients. Just need to create a folder for each user in our AD on that server and then set perms.

      Comment


      • #4
        Re: Add User Folder Script

        Then the command you need to use is cacls. As with other CLI apps, use the /? flag to see its usage.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Add User Folder Script

          Working on it. Looks like a script I found and xcacls.vbs are going to do the trick.

          Thanks.

          Comment


          • #6
            Re: Add User Folder Script

            Originally posted by gforceindustries View Post
            I don't see how this is related to Active Directory? Should this not be in Scripting? Post flagged.

            Rather than reusing someone elses script, create your own batch file. The first step is easy - use the %username% variable as the arguement for mkdir. One folder named after your username.

            The second part requires you to use lcacls if you're using Windows Vista... if you're not, then maybe you need to tell us that?
            Or create one script that can handle both methods. Merely check for the existence of icacls.exe and branch on that.
            With Vista, you can still use cacls.exe it just has less functionality and is considered deprecated.
            Last edited by ahinson; 2nd January 2009, 23:26.
            Andrew

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment


            • #7
              Re: Add User Folder Script

              Why would you want to remove the 'Allow Inheritable permissions'?
              This way you lock your self. For example, If in the future you will have to add access to 'BackupServer' account without adding it to the Administrators group, you'll find it hard to apply the settings on all sub folders (since they are not inheriting permissions).

              You can simply create a shared folder and set the permissions on it as follows:
              Administrators --> Full Control --> This folder, sub folders and files
              Users --> Create Folders / Append data --> This folder only
              Creator Owner --> Full Control --> Subfolders and files

              then, all you have to do is use the following command in your login script:
              if not exist \\server\share\%username% md \\server\share\%username%

              Comment


              • #8
                Re: Add User Folder Script

                I know there hasn't been a post added to this in a while, but for future purposes and references, helpful information regarding lcacls.exe, including usage of OI (Obect Inheritance) & IO (Inherit Only) can be found here.

                http://support.microsoft.com/kb/318754
                How to use Xcacls.exe to modify NTFS permissions

                http://support.microsoft.com/kb/135268/
                How to Use CACLS.EXE in a Batch File

                Best of luck.
                Last edited by fergie; 29th June 2009, 15:13. Reason: Spelling & Grammar
                MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3

                Comment

                Working...
                X