Logon script to create folder and security? 2

[globalg]

Hi,
I have been using the excellent logon script from markdmac for sometime in a win2003 domain. I cannot script at all and wondered if it is possible to add to this. I would like to create a folder for each user, then assign security to that folder so that only the user can access data in these folders? This can be done manualy & is probably too complicated but thought I would ask all the same..

Cheers

G

 

[djtech2k]

This can be done with scripting or be done with GPO. If you use folder redirection, there are options that will allow the the gpo to create the directory and set permissions.

 

[globalg]

Hi again & thanx for your time.
Dont really want to do it with folder redirection [GPO], these files will be created only once, then accessed only by the folder owner and 1 other specified user.

I did start to do this using the ADUC profile but it doesnt assign trhe security.

Thanx

 

[globalg]

Hi,
I have read many good thinhs about xcacls vut I wonder if anyone has had this operational with Excel or txt files that have lists of users and permissions?

The reason I ask is that I have created a directory on a NAS device that has 230 folders inside. The top level folder can be shared with everyone, but each folder under it must only be accessed by userHR [read], userFinance [read/write] & the %USERNAME%.

-TOP_LEVEL_FOLDER - share everyone
++++++User1 - userHR(r), userFinance(rw), User1(rwd)
++++++User2 - userHR(r), userFinance(rw), User2(rwd)
++++++UserHR - userHR(rW), userFinance(rw)

As you may imagine to do this manually is taking hours of time..

Thanx again

G

 

[markdmac]

Yes, this can certainly be done with script. I've written scripts for my Admin Script Pack that enumerate the folders and set the permissions using XCACLs.

I've also done versions of the above that enumerate users, check if they have a folder and if not create the folder, set the permissions and share the folder as a hidden share.

Al you need to do is first figure out what XCACLs commands you need to execute. You can then use a WSCRIPT.RUN to execute those commands.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[globalg]

Thanx Mark,
One last question if I may, in part of your original script it grabs the username

'Grab the user name
UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

If I then want to map a drive which one of the following would suffice, assuming I have already created folders?

WSHNetwork.MapNetworkDrive "W:", "\\server\Personnel\%USERNAME%",True
or
WSHNetwork.MapNetworkDrive "W:", "\\server\Personnel\ & UserString",True

Again many thanx for you valuable time.
G

 

[PHV]

WSHNetwork.MapNetworkDrive "W:", "\\server\Personnel\" & UserString, True

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ181-2886

 

[markdmac]

And if you are not enumerating groups, you don't need this line:
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[globalg]

Hi.
This has now been resolved thanx to your excellent responses.

Gary