Announcement

Collapse
No announcement yet.

VBScript to change NTFS permissions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • VBScript to change NTFS permissions

    I'm trying to change the NTFS permissions on a remote folder but I can't even get it working on my local machine. My code is as follows

    Code:
    user="jdoe"
    path="c:\Test"
    
    Set shell = CreateObject("wscript.shell") 
    comand_string = "xcacls" & path & "/t /g domainName\" & user & ":f /y"
    
    shell.run command_string, 7, True
    My error is:

    Line 6, Char 1: Invalid procedure call or argument Code: 800A0005
    What gives? Thanks.

  • #2
    Re: VBScript to change NTFS permissions

    First few links here suggest some alternative ways:
    http://www.google.co.uk/search?hl=en...missions&meta=
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: VBScript to change NTFS permissions

      Originally posted by mhashemi View Post

      1. user="jdoe"
      2. path="c:\Test"
      3. '
      4. Set shell = CreateObject("wscript.shell")
      5. comand_string = "xcacls" & path & "/t /g domainName\" & user & ":f /y"
      6. '
      7. shell.run command_string, 7, True


      My error is:

      Line 6, Char 1: Invalid procedure call or argument Code: 800A0005
      What gives? Thanks.
      Error at Line 6 first character ?

      For the purpose of troubleshooting replace this line,
      shell.run command_string, 7, True
      with the line,
      wscript.echo command_string
      Then you will discover that command_string is an undefined variable.
      When you've fix that, you will also see the command line is missing spaces around the path. And the path is not between quotes.

      I assume you are using xcacls.exe , not xcacls.vbs (the vbs version does not support unc-paths)

      - try,
      1. user="jdoe"
      2. path="c:\Test"
      3. '
      4. Set shell = CreateObject("wscript.shell")
      5. command_string = "xcacls.exe """ & path & """ /t /g domainName\" & user & ":f /y"
      6. '
      7. shell.run "cmd /c " & command_string, 7, True



      \Rems
      Last edited by Rems; 27th July 2010, 19:08.

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: VBScript to change NTFS permissions

        Oops, I added a line between the last two after I wrote the post so 6 became blank

        Okay, I know that what you posted works and I know that the following also works:

        Code:
        strFileServer = "fileServerName"
        strUser = "jDoe"
        Set objWMIService = GetObject ("winmgmts:\\" & strFileServer & "\root\cimv2:Win32_Process")
        objWMIService.Create ("cmd.exe /c md mkdir c:\test" & strUser, Null, Null, intProcessID)
        So, I should be able to reuse the object, no? I run the following:

        Code:
        strFileServer = "fileServerName"
        strPath = "pathOnFileServer"
        strUser = "jDoe"
        Set objWMIService = GetObject ("winmgmts:\\" & strFileServer & "\root\cimv2:Win32_Process")
        objWMIService.Create ("cmd.exe /c md mkdir " & strPath & "strUser", Null, Null, intProcessID)
        command_string = "xcacls.exe """ & strPath & """ /T /E /G domainName\" & strUser & ":C /y"
        objWMIService.Run "cmd /c " & command_string, 7, True
        Instead, it complains about line 5, char 96. Cannot use parentheses when calling a sub. That's almost the exact same line as I used in the snippet above, only this time, I made the path a variable.

        It doesn't look like a quotes problem but I can't get far enough to echo the command string.

        Comment


        • #5
          Re: VBScript to change NTFS permissions

          Originally posted by mhashemi View Post
          So, I should be able to reuse the object, no? I run the following:
          <...>
          objWMIService.Run "cmd /c " & command_string, 7, True
          No won't work!, the object doesn't support the Run method.


          <...>
          Instead, it complains about line 5, char 96. Cannot use parentheses when calling a sub. That's almost the exact same line as I used in the snippet above, only this time, I made the path a variable.
          It doesn't look like a quotes problem but I can't get far enough to echo the command string.
          The snippet you showed doesn't work eighter. MD mkdir => are two commands, use only one.
          (MD is almost the same as MKDIR. MKDIR can when 'Command Extensions' are not disabled, also create any intermediate directories in the path, if needed)

          path as a variable:
          objWMIService.Create ("cmd.exe /c md """ & strPath & "\" & strUser & """", Null, Null, intProcessID)


          \Rems
          Last edited by Rems; 28th July 2010, 00:03.

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: VBScript to change NTFS permissions

            It really does't like some parenthesis.

            Code:
            strFileServer = "serverName"
            strpath = "C:\test"
            strSam = jDoe
            Set objWMIService = GetObject ("winmgmts:\\" & strFileServer & "\root\cimv2:Win32_Process")
            objWMIService.Create ("cmd.exe /c md """ & strPath & "\" & strSam & """", Null, Null, intProcessID)
            results in

            Line 5, Char 101 Cannot use parentheses when calling a Sub
            Last edited by mhashemi; 29th July 2010, 22:51. Reason: fixed error message

            Comment


            • #7
              Re: VBScript to change NTFS permissions

              this works,

              errReturn = objWMIService.Create ("cmd.exe /c md """ & strPath & "\" & strSam & """", Null, Null, intProcessID)

              else, don't use parentheses:

              objWMIService.Create "cmd.exe /c md """ & strPath & "\" & strSam & """", Null, Null, intProcessID

              or, you could probably also use,

              call objWMIService.Create ("cmd.exe /c md """ & strPath & "\" & strSam & """", Null, Null, intProcessID)


              \Rems
              Last edited by Rems; 29th July 2010, 23:12.

              This posting is provided "AS IS" with no warranties, and confers no rights.

              __________________

              ** Remember to give credit where credit's due **
              and leave Reputation Points for meaningful posts

              Comment


              • #8
                Re: VBScript to change NTFS permissions

                Here's what I've got now:

                Code:
                strSam = "jdoe"
                strComputer = "serverName"
                strDomain = "domainName"
                
                dim filesys, newfolder, newfolderpath 
                newfolderpath = "\\" & strComputer & "\f$\users\" & strSam 
                set filesys=CreateObject("Scripting.FileSystemObject") 
                If Not filesys.FolderExists(newfolderpath) Then 
                  Set newfolder = filesys.CreateFolder(newfolderpath) 
                  wscript.echo("A new folder has been created at: " & newfolderpath) 
                End If
                
                Const FILE_SHARE = 0
                Const MAXIMUM_CONNECTIONS = 25
                Set objWMIService = GetObject ("winmgmts:\\" & strComputer & "\root\cimv2")
                Set objNewShare = objWMIService.Get("Win32_Share")
                errReturn = objNewShare.Create ("F:\users\" & strSam, strSam & "$", FILE_SHARE, MAXIMUM_CONNECTIONS, "share")
                wscript.echo errReturn
                
                Set objShell = CreateObject("wscript.shell")
                command_string = "xcacls.exe """ & newfolderpath & """ /T /E /G " & strDomain & "\" & strSam & ":C /y"
                objShell.run "cmd /c " & command_string, 7, True
                This code creates a directory, shares it, then adds the user (jdoe) with Modify rights. It seems to work without error, except for one thing.

                When I click on the security tab of the directory, I get the following message:

                The permissions on folderName are incorrectly ordered, which may cause some entries to be ineffective. Press OK to continue and sort the permissions correctly, or Cancel to reset the permissions
                If I click OK, I see the inherited permissions, as well as the one I added. If I click Cancel, I see that "Everyone" is given full control. That's bad.

                How do I work around this? Thanks.

                Comment


                • #9
                  Re: VBScript to change NTFS permissions

                  For anyone who may be wondering what's up with this, my code currently looks like this:

                  Code:
                  Function createShare(strSam)
                  	Dim strComputer, filesys, newfolder, newFolderPath, objShell, command_string
                  	strComputer	= "fileServer"
                  	strDomain = "domain"
                  
                  	'creates the folder
                  	newFolderPath = "\\fileServer\f$\users\salesReps\" & strSam 
                  	set filesys=CreateObject("Scripting.FileSystemObject") 
                  	If Not filesys.FolderExists(newFolderPath) Then 
                  		Set newfolder = filesys.CreateFolder(newFolderPath) 
                  	End If
                  
                  	'adds user to acl with modify rights
                  	Set objShell = CreateObject("wscript.shell")
                  	command_string = "icacls " & newFolderPath & " /grant domain\" & strSam & ":(M)"
                  	objShell.run "cmd /c " & command_string, 7, True
                  
                  	'shares folder as username$
                  	FILE_SHARE = 0
                  	MAXIMUM_CONNECTIONS = 25
                  	Set objWMIService = GetObject ("winmgmts:\\" & strComputer & "\root\cimv2")
                  	Set objNewShare = objWMIService.Get("Win32_Share")
                  	errReturn = objNewShare.Create ("F:\users\salesReps\" & strSam, strSam & "$", FILE_SHARE, MAXIMUM_CONNECTIONS, "q drive")
                  	wscript.echo errReturn
                  	wscript.echo command_string
                  End Function
                  It works will but with one little thing. I'm reading the user info in from a .csv file and one of the test users keeps showing up only as a SID in the directory's ACL. The correct checkboxes are filled so it looks like he's got permissions applied right, but his name is not displayed.
                  Last edited by mhashemi; 5th August 2010, 22:44. Reason: fixed the code snippet

                  Comment

                  Working...
                  X