create and assign permissions on folders - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » create and assign permissions on folders

Page 1 of 1

Topic Options

#154648 - 2006-01-06 11:56 AM create and assign permissions on folders
BarryWhite BarryWhite Fresh Scripter Registered: 2005-10-24 Posts: 35 Loc: UK	Hello all, I'm trying to add some automation into my login script so that instead of having to create a home folder and profile folder manually, kix will check and autocreate if required. This is what I have so far, I'm creating the home folder but not the permissions. Any help to poing me in the right direction would be appreciated. ;File Server $FileServ = "servername" ;Root location of home folders $Home = "\\" + $FileServ + "home" ;Root location of profiles folders $Profile = "\\" + $FileServ + "profiles" ;Location of XCALS $XCALS = " + @ldrive + " If not exist ("\\" + $FileServ + "\home\" + @userid) md ("\\" + $FileServ + "\home\" + @userid) Shell $XCALS+'\xcacls.exe '"+$Home+" /T /g "Administrators":f '+@userid+':f "SYSTEM":f /Y' Else Endif Edited by BarryWhite (2006-01-06 03:14 PM)
Top

#154649 - 2006-01-06 12:43 PM Re: create and assign permissions on folders
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	I have a script for this at work... I'll post it in a few hours when I get there if someone hasn't beaten me to it. I found that it only works reliably for me, If I assign group/perms, one at a time /g administrators:f /g @userid:c /e /g system:f /e _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#154650 - 2006-01-06 01:15 PM Re: create and assign permissions on folders
BarryWhite BarryWhite Fresh Scripter Registered: 2005-10-24 Posts: 35 Loc: UK	Cheers Radimus Anything you have will be great.
Top

#154651 - 2006-01-06 02:57 PM

Re: create and assign permissions on folders

Radimus Offline

Moderator

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL

Code:



$h="$server\$dept\home\@userid"
if not exist($h)
	md $h
	if not @error
		$=sendmessage($dcsa,"Home Folder created at $h for @userid")
		shell "%comspec% /c echo y| cacls $h /t /c /g @ldomain\@userid:c"
		shell '%comspec% /c echo y| cacls $h /t /e /c /g "@ldomain\domain admins:f"'
		shell "%comspec% /c echo y| cacls $h /t /e /c /g @ldomain\$group"+"mis:c"
	else
		$=sendmessage($dcsa,"Home Folder was NOT created at $h for @userid")
		endif
	endif

_________________________
How to ask questions the smart way <-----------> Before you ask

Top

#154652 - 2006-01-06 03:58 PM Re: create and assign permissions on folders
BarryWhite BarryWhite Fresh Scripter Registered: 2005-10-24 Posts: 35 Loc: UK	Cheers Radimus Works like a charm.. Love this forum, thanks for the help.
Top

#154653 - 2006-01-06 07:22 PM Re: create and assign permissions on folders
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	Quote: login script And just how does that work??? Your users have Admin rights to create and set permissions during logon? Not a very secure operation there.
Top

#154654 - 2006-01-06 08:28 PM Re: create and assign permissions on folders
BarryWhite BarryWhite Fresh Scripter Registered: 2005-10-24 Posts: 35 Loc: UK	Nope, they are domain users only. I have added 'create folders/append data' permissions on this folder only on the file servers home folder which is hidden. Also the users are on citrix with a locked down desktop and restricted GPO. No reg tools, cmd etc..
Top

#154655 - 2006-01-06 08:36 PM Re: create and assign permissions on folders
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	Well then I still say it's the wrong way to do it. Very insecure. Just because you have hidden shares means little. Sooner or later that may get you into trouble because basically anyone can go anywhere and delete or alter anything. There are more and more users now days that starting to know more about how Windows operates and they do exploring on systems (I know they shouldn't, but they do). You've given the curious an easy way to gain access to things they shouldn't have access to. Ever been to TechEd? Ask Microsoft how many users destroyed their "locked down systems". They had to use Ghost to reset a lot of systems that were believed to be "secure". If following Best Practices can be hazardous in the hands of knowledgable people then skipping such practices because you don't have time to set permissions yourself may sooner or later cause an issue for you or someone else. Edited by NTDOC (2006-01-06 08:39 PM)
Top

#154656 - 2006-01-06 08:46 PM Re: create and assign permissions on folders
BarryWhite BarryWhite Fresh Scripter Registered: 2005-10-24 Posts: 35 Loc: UK	The users only have permission to create folders or files in the home folder only, not any subfolders appart from the one that has been auto created. They do not have permission to delete any other folders or files except the ones they have created. So it should be OK, even if they did manage to get to the hidden share they would only be able to view the folders that are there. What do you reckon?.
Top

#154657 - 2006-01-06 09:05 PM Re: create and assign permissions on folders
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	That is what I do... they could find their way to the home root share and create "unauthorized" folders, but couldn't get into others' folders _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#154658 - 2006-01-06 09:18 PM Re: create and assign permissions on folders
BarryWhite BarryWhite Fresh Scripter Registered: 2005-10-24 Posts: 35 Loc: UK	I'm also trying to create a profile folder if it doesn't exist but the problem is the client has divided the profile paths up in locations. So userA's profile path is \\servername\profiles\officeA\userA and userB's profile path is \\servername\profiles\officeB\userB I'm tying to think of the best way to get the $Profile to default to the right office for the user. So far I have this but need to add the office loaction in. $Profile = ("\\" + $FileServ + "\Profiles\" + @userid) if not exist($Profile) md $Profile shell "%comspec% /c echo y\| cacls $Profile /t /c /g @ldomain\@userid:c" shell '%comspec% /c echo y\| cacls $Profile /t /e /c /g "@ldomain\domain admins:f"' else endif Edited by BarryWhite (2006-01-06 09:21 PM)
Top

#154659 - 2006-01-07 12:25 AM Re: create and assign permissions on folders
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	tsk tsk tsk... Rad, and here I thought you were a real Administrator - and there you go taking shortcuts. Hey, if you guys are happy with it fine, but definetly NOT a best practice to follow.
Top

Page 1 of 1

Previous Topic View All Topics

Index Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org