
Script to set user permissions

Author
30 Jan 2009 7:07 AM
NZSchoolTech
I've had to set up a new server after a disk crash. We had backups of all of
the home directories of our users, but we lost all of the ACLs because these
were not backed up in any form.

The situation is that I now have 250 home directories all named by a user,
and none of those users can access their own directory unless I set their
permissions on each one.

Since I don't want to have to do 250 permissions entries by hand, I need a
script that can do it for me. The following is what is relevant to the
script:

1. We can easily put all of the affected accounts into a special OU just for
this script, so that the script doesn't need to have any filtering in it for
what users it is working on.
2. The user's home directory is stored in their ADUC account as the Home
Folder, whereby we have configured for drive H to be connected to this
folder. It should therefore be possible to read this attribute to find the
path that the ACE needs to be set on.
3. The permissions need to be Modify, and need to be made inheritable, and
to propagate automatically to existing files.

I think that covers enough info to be able to put a script together. I
haven't done any scripting for years, although I'm an experienced
programmer, and have mislaid the original scripts I wrote way back when we
needed to create many of those user accounts automatically from a CSV file.

Therefore any assistance this group can give in the form of a script outline
would be most appreciated.

TIA

--

Author
4 Feb 2009 1:39 AM
Al Dunbar
"NZSchoolTech" <nzschoolt***@education.nz> wrote in message
news:eS8vKmqgJHA.5844@TK2MSFTNGP05.phx.gbl...
> I've had to set up a new server after a disk crash. We had backups of all
> of the home directories of our users, but we lost all of the ACLs because
> these were not backed up in any form.
>
> The situation is that I now have 250 home directories all named by a user,
> and none of those users can access their own directory unless I set their
> permissions on each one.
>
> Since I don't want to have to do 250 permissions entries by hand, I need a
> script that can do it for me. The following is what is relevant to the
> script:
>
> 1. We can easily put all of the affected accounts into a special OU just
> for this script, so that the script doesn't need to have any filtering in
> it for what users it is working on.
> 2. The user's home directory is stored in their ADUC account as the Home
> Folder, whereby we have configured for drive H to be connected to this
> folder. It should therefore be possible to read this attribute to find the
> path that the ACE needs to be set on.
> 3. The permissions need to be Modify, and need to be made inheritable, and
> to propagate automatically to existing files.
>
> I think that covers enough info to be able to put a script together. I
> haven't done any scripting for years, although I'm an experienced
> programmer, and have mislaid the original scripts I wrote way back when we
> needed to create many of those user accounts automatically from a CSV
> file.
>
> Therefore any assistance this group can give in the form of a script
> outline would be most appreciated.

If the name of the folder is identical to the sAMAccountName of the user
account, there is a simpler method. First, apply the standard admin
permissions to the folder containing the user home folders, and force this
to be replicated to all contained folders. Then run a batch script such as
this:

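    rem Preview: grant each user Change (C) on the folder named after them.
    rem Without /e, cacls replaces the existing ACL instead of editing it.
    for /d %%D in ("D:\users\*.*") do (
        echo/cacls "%%~dpnxD" /g %%~nD:C /t
    )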

If you are happy with the cacls commands displayed, change "echo/cacls" to
"cacls".

/Al
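
As an added example (not code from any poster in this thread), one way to script the original request in PowerShell: read each account's Home Folder from the dedicated OU and grant that user an inheritable Modify ACE, with `-WhatIf` giving the same preview step as the echoed cacls commands. The OU distinguished name and the share root are assumed placeholder values, and the ActiveDirectory module is assumed to be available.

```powershell
# Added example, not from the thread. Run with -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase = 'OU=AclRepair,DC=example,DC=test',  # assumed OU (placeholder)
    [string]$HomeRoot   = '\\fileserver\home'                 # assumed share root (placeholder)
)

Import-Module ActiveDirectory

# Modify (not Full Control), inherited by subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]::Modify
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$rootPrefix = $HomeRoot.TrimEnd('\') + '\'

Get-ADUser -Filter * -SearchBase $SearchBase -Properties HomeDirectory | ForEach-Object {
    $name = $_.SamAccountName
    $path = $_.HomeDirectory

    if ([string]::IsNullOrEmpty($path)) {
        Write-Warning "${name}: no Home Folder set, skipped"
        return
    }
    # Refuse paths outside the expected share, so a wrong or tampered
    # attribute cannot cause an ACE to be written somewhere else.
    $underRoot = $path.StartsWith($rootPrefix, [StringComparison]::OrdinalIgnoreCase)
    if ((-not $underRoot) -or ($path -match '\.\.')) {
        Write-Warning "${name}: '$path' is outside $HomeRoot, skipped"
        return
    }
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "${name}: '$path' does not exist, skipped"
        return
    }

    # Bind the rule to the account's SID rather than to a name string.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $_.SID, $rights, $inherit, $prop, $allow)
    $acl = Get-Acl -LiteralPath $path
    $acl.AddAccessRule($rule)   # adds to the existing ACL, admin entries are kept

    if ($PSCmdlet.ShouldProcess($path, "Grant Modify to $name")) {
        Set-Acl -LiteralPath $path -AclObject $acl
    }
}
```

Files or subfolders that have inheritance disabled will not pick up the new ACE and need to be reviewed separately.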
Author
4 Feb 2009 6:25 AM
acray
FYI, cacls does not correctly traverse subdirectories to apply permissions, at least not in all situations. So it should not be relied upon to fully set the permissions on all the files.

However, I believe a For loop similar to what Al Dunbar provided could be used to call SetACL, simplifying my VBScript approach.

Remember, if my VBScript was retrofitted to use SetACL, the first pass (first occurrence of WScript.Run) would not be needed at all.

--
acray
------------------------------------------------------------------------
acray's Profile: http://forums.techarena.in/members/acray.htm
View this thread: http://forums.techarena.in/server-scripting/1112376.htm

http://forums.techarena.in
Author
4 Feb 2009 9:03 AM
Pegasus (MVP)
"acray" <acray.3n2o3d@DoNotSpam.com> wrote in message
news:acray.3n2o3d@DoNotSpam.com...
>
> fyi, cacls does not correctly traverse sub directories to apply
> permissions, at least not in all situations.  So it should not be relied
> upon to fully set the permissions on all the files.

Interesting. Can you give an example or quote an authoritative source for
this claim?
Author
4 Feb 2009 12:42 PM
Al Dunbar
"acray" <acray.3n2o3d@DoNotSpam.com> wrote in message
news:acray.3n2o3d@DoNotSpam.com...
>
> fyi, cacls does not correctly traverse sub directories to apply
> permissions, at least not in all situations.  So it should not be relied
> upon to fully set the permissions on all the files.

That is why I suggested the first step of setting background admin
permissions and replicating them from Windows Explorer - in the hope that
this would configure subfolders to inherit all permissions.

/Al

> However, I believe a For loop similar to what Al Dunbar provided could
> be used to call SetACL, simplifying my vbscript approach.
>
> Remember, if my VBscript was retrofitted to use SetACL, the first pass
> (first occurrence of WScript.Run) would not be needed at all.
>
>
> --
> acray
> ------------------------------------------------------------------------
> acray's Profile: http://forums.techarena.in/members/acray.htm
> View this thread: http://forums.techarena.in/server-scripting/1112376.htm
>
> http://forums.techarena.in
>