
Users Profile Folders

63 posts in this topic

Posted

Okay let's go slow:

1. create a new Folder under your C:\ drive called "test"

2. Edit the ACL of that folder by the following:

Under Advanced settings:

Break the inheritance and copy the settings from the parent folder (in this case C:\)

Remove all ACL settings Except the FullControls of Administrators and SYSTEM

Under "Normal Settings":

Add the "Users" group and grant them "ListFolder" rights only

Under Advanced settings:

Change the inheritance of the Users Group to "This folder only"

3. Compile and run this script:

#RequireAdmin
#AutoIt3Wrapper_Change2CUI=y
#include <file.au3>
Dim $a_users
Dim $s_userfolder = "c:\test\"
_FileReadToArray("test.txt", $a_users)
For $i = 1 To $a_users[0]
	ConsoleWrite(DirCreate( $s_userfolder & $a_users[$i]) & @CRLF)
	RunWait("ICACLS.exe " & $s_userfolder & $a_users[$i] & " /grant test:(OI)(CI)(RX,W,DC)")
Next
MsgBox(0,"Done","Check Console output!")

Tell me what's your output!

.. And nobody said you'd be an idiot at all.




Posted

well i tried every different way I know of to get that array to work and still the same issue , it will make the folder , but will not set any of the security settings or permissions ..

and for some reason even putting END after the WEnd the script still runs and i have to right click on it to exit it out ..

never thought it would be this hard .. here are the different ways i tried the array with no luck ..

You're supposed to put END at the end of the text file not the script


Posted

You're supposed to put END at the end of the text file not the script

Sorry Rcmaehl

been getting confused with everyone saying try Icacls, or just the cacls .. but still can't get yours to work .. when i sub out "c:\username" for the array , it will make the folder , i get the pop up that says everything is done .. but when i get the folder nothing was set :mellow:


Posted

Sorry Hannes, didn't work again .. in fact it crashed my system again .. hit F5 to run the script and it opened hundreds of them again and crashed ..

plus not sure why i have to make the folder and set the permission , that is the whole point of this is to make the users folder and set the permissions .. the trouble seems to be when i try to use the txt file with the list of usernames ..

but thanks for the help ..


Posted

Maybe it would be a good start by using 5 to 10 test entries in your input file instead of 200.

Well, setting these rights is to ensure that the users do not get the right to see each other's files.

If you are in a domain environment and want to set rights for the domain users, you need to write the user name like mydomain\username .


Posted

I only have 1 entry in the test file right now ... nothing else ..

yea i know that part, once i get everything working i will be switching a lot of the c:\ stuff to \\servername\profile and changing the "username" to \\domain\username ..

my goal was to first get it working on my computer before i started playing around with live servers and users ..

but if i have to manually go set every folder that this program makes then it's pointless to keep going .. the whole point is for this script to do it for me .. it's easy to have the script make all the folders ..

thanks


Posted (edited)

I'm trying to figure it out myself. I've been screwing around with my script for a while. Can you run this and paste the console output:

#include <File.au3>

;Making of the folders from a txt file;

Global $User, $Line

$Line = 1

While 1
    $User = FileReadLine("test.txt", $Line)
    If Not ($User == "END") Then
        DirCreate("c:\"&"\"&$User)
        $Line += 1
    Else
        MsgBox(0x0, "Done", "END Encountered, Script is Done.")
        Exit(0)
    EndIf

    ; Removing the Inheritance Flag ;

    RunWait(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /I Copy', @ScriptDir, @SW_HIDE)
    ConsoleWrite(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /I Copy', @ScriptDir, @SW_HIDE)

    ; deleting "users" from the folder;

    RunWait(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /E /T /R "local\Users"', @ScriptDir, @SW_HIDE)
    ConsoleWrite(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /E /T /R "local\Users"', @ScriptDir, @SW_HIDE)

    ; give admins owernship ;

    RunWait(@ComSpec & ' /c c:\subinacl /subdirectories "' & $USER & '" /setowner="Administrator"', @ScriptDir, @SW_HIDE)
    ConsoleWrite(@ComSpec & ' /c c:\subinacl /subdirectories "' & $USER & '" /setowner="Administrator"', @ScriptDir, @SW_HIDE)

     ; give myself full controll ;

    RunWait(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /E /T /G domain\username:F', @ScriptDir, @SW_HIDE)
    ConsoleWrite(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /E /T /G domain\username:F', @ScriptDir, @SW_HIDE)

     ; give user full controll ;

    RunWait(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /E /T /G domain\username:F', @ScriptDir, @SW_HIDE)
    ConsoleWrite(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /E /T /G domain\username:F', @ScriptDir, @SW_HIDE)
    
WEnd
Edited by rcmaehl


Posted (edited)

still no luck Rcmaehl

i pasted it in and hit F5 to run it and errors out at the ConsoleWrite command part ..

>"C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" /run /prod /ErrorStdOut /in "\\my docs\Folder Maker\test.au3" /autoit3dir "C:\Program Files\AutoIt3" /UserParams

+>08:11:57 Starting AutoIt3Wrapper v.2.0.3.0 Environment(Language:0409  Keyboard:00000409  OS:WIN_XP/Service Pack 3  CPU:X64 OS:X86)

>Running AU3Check (1.54.19.0)  from:C:\Program Files\AutoIt3 

\\my docs\Folder Maker\test.au3(22,94) : ERROR: ConsoleWrite() [built-in] called with wrong number of args.     

ConsoleWrite(@ComSpec & ' /c c:\XCACLS.vbs "' & $USER & '" /I Copy', @ScriptDir, @SW_HIDE) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^ 
\\my docs\Folder Maker\test.au3 - 1 error(s), 0 warning(s) 

!>08:11:57 AU3Check ended.rc:2 
>Exit code: 0    Time: 0.753
Edited by startrek133


Posted

I totally failed there. I forgot to copy the entire runwait commands into the consolewrites.


Posted

huh at least you know what you're talking about , i was trying to look up what the consolewrite command did and find examples and it's slow going .. i hate how they don't teach you any of this at school!!!!!!


Posted

huh at least you know what you're talking about , i was trying to look up what the consolewrite command did and find examples and it's slow going .. i hate how they don't teach you any of this at school!!!!!!

O_o You learned autoit at school!?


Posted (edited)

PLEASE! Change $s_basefolder and $s_inputfile, compile the script and run it. I tested it and it runs good.

#AutoIt3Wrapper_Change2CUI=y
#include <file.au3>

Dim $s_basefolder = "C:\Test"
Dim $s_inputfile = "C:\jobs\users.txt"
Dim $a_users

DirCreate($s_basefolder)

RunWait("icacls.exe " & $s_basefolder &  " /inheritance:d")
RunWait("icacls.exe " & $s_basefolder &  ' /remove:g "CREATOR OWNER"')
RunWait("icacls.exe " & $s_basefolder &  ' /remove:g "BUILTIN\Users"')

_FileReadToArray($s_inputfile, $a_users)

For $i = 1 To $a_users[0]
    DirCreate($s_basefolder & "\" & $a_users[$i] )
    RunWait("icacls.exe " & $s_basefolder & "\" & $a_users[$i] & " /grant " & $a_users[$i] & ":(OI)(CI)(RX,W,DC)")
Next

It isn't that hard to understand, is it?

Edited by Hannes123


Posted

No, I wish we had , it would have come in handy seeing how in the world of IT , you can make your life easier by scripting things out .. that is if you understand program code and stuff like that .. i tried for a week to write this up before posting on .. I just hope it can be done , because i really don't want to have to hand type out 200+ folders and then set all the permissions ..


Posted (edited)


O_o *Facepalms at his own stupidity.* Why didn't I think of that.

Edited by rcmaehl


Posted

O_o You learned autoit at school!?

I use AutoIT for my IT trainees, and I can tell it's fun for 90% of them :mellow:


Posted (edited)

It seems like it could be fun and help with doing a lot of things .. i just have a hard time getting past all the syntax and grammar , and I keep getting confused , because I started this whole thing with trying to use the "cacls" and after 2 days nothing was working so went to the "xcacls" and everything worked fine there , but couldn't use the array , had to keep typing in the username ..

then you Hannes said to use the "Icacls" which i still don't understand because it talks about using the ssid and everything else , and i don't need any of that .. i just need to make a folder and set the permissions as the following ..

1. local admins (full control) ( this folder, subfolders, and files)

2. creator owner ( full control) ( subfolders and files only)

3. User (full control) ( this folder, subfolders, and files)

4. me (full control) ( this folder, subfolders, and files)

5. system (full control) ( this folder, subfolders, and files)

6. remove the inherit flag

7. set ownership to local admin

8. remove local users account

never thought it would be this hard .. Plus now I am all confused , because rcmaehl was trying to do it with the "xcacls" and Hannes is trying to do it with the "Icacls" , i don't know what command to be using anymore ..

Edited by startrek133


Posted

First of all, it is not a good idea granting users "Full Control" as there is no need for them to modify access rights.

Second, discard the "Creator Owner" because he doesn't need to be there, as the user should stay in his own folder.

Third, "The User" should only have the right to his folder to read, write and delete only subfolders and files, otherwise he will be able to delete his own folder (bad idea)

Fourth, don't grant yourself as a user the "full control" right to all users, use a separate AD group (e.g. "Userfolder_modify") and be a member of that group

Fifth, why setting the ownership of the files (to the admin account)? You won't be able to use quotas later on. Either try to set the owner to "The user" on his folder or leave it like it is.

Sixth, well, probably removing local users actually does make sense ... :mellow:

And now let me see: points "First" through "Fourth" will be done by my script. What else do you want?!?


Posted

I get what you're saying Hannes, but I am stuck .. the boss wants the folders set like that , and if I don't give myself full access then I can't redo people's profiles when they mess them up because I don't have access to their folder in order to go into and copy stuff out .. and the "upper" level IT team that controls the groups, policies, and stuff like that is not big on letting me make changes in AD ..

in fact i don't even have access to AD , i have to call them to get things done at times ... I feel like at times the job they hired me for i can't even do because i don't have access to have the systems i need, and that some of the network and AD settings need to be redone to make sense and run better ..

as for your program, it never worked remember , i told you yesterday that when i went to run it , it opened hundreds of them and then crashed my computer .. and i don't understand the "icacls" enough or autoit enough to know why it did that ..

so as it stands right now, i am more confused about what to do than i was at the beginning of the week ..


Posted (edited)

The whole reason this little project started was because My Boss and I, as the Local Admins of this office, don't have rights to the current users' profile folders, somehow they got all messed up .. and when trying to take ownership it will not let us .. So my Boss started fresh by making a new roaming profile folder out on the server and pointed some test people there. After about a month of testing he found that the settings that I was talking about work with the users and with roaming profiles ..

it's not like I am trying to be a dick or a pain, it's just confusing for me, because in college they didn't teach us anything about scripting, so i am a noob at this, and this place has some of the most messed up policies and network settings i have ever seen to where if we change the permissions on a folder it's 50/50 to where it will work right or work how it should ..

but I am grateful for everyone's help and hope that something will become of this because i really REALLY don't wanna have to hand type out 200+ folders and set the permissions on each folder ..

Edited by startrek133


Posted (edited)

This will do what you want:

#AutoIt3Wrapper_Change2CUI=y
#include <file.au3>

Dim $s_basefolder = "C:\Test"
Dim $s_inputfile = "C:\jobs\users.txt"
Dim $a_users

DirCreate($s_basefolder) ; Create base folder

RunWait("icacls.exe " & $s_basefolder &  " /inheritance:d") ; Break inheritance on base folder (copy inherited entries)
RunWait("icacls.exe " & $s_basefolder &  ' /remove:g "CREATOR OWNER"') ; Remove Creator Owner
RunWait("icacls.exe " & $s_basefolder &  ' /remove:g "BUILTIN\Users"') ; Remove the local Users group

_FileReadToArray($s_inputfile, $a_users)

For $i = 1 To $a_users[0]
    DirCreate($s_basefolder & "\" & $a_users[$i] ) ; Create user folder
    RunWait("icacls.exe " & $s_basefolder & "\" & $a_users[$i] & " /grant " & $a_users[$i] & ":(OI)(CI)(F)") ; Grant the user Full Control on this folder, subfolders and files (no (IO), which would skip the folder itself)
    RunWait("icacls.exe " & $s_basefolder & "\" & $a_users[$i] & " /grant ""CREATOR OWNER"":(OI)(CI)(IO)(F)") ; Grant Creator Owner Full Control on subfolders and files only
    RunWait("icacls.exe " & $s_basefolder & "\" & $a_users[$i] & " /grant """ & @UserName & """:(OI)(CI)(F)") ; Grant your own user Full Control on this folder, subfolders and files
    RunWait("icacls.exe " & $s_basefolder & "\" & $a_users[$i] &  " /inheritance:d") ; Break inheritance, copy from parent
    RunWait("icacls.exe " & $s_basefolder & "\" & $a_users[$i] &  " /setowner ""BUILTIN\Administrators"" /T /C") ; Set owner to the local Administrators group
Next

Except for removing the local users that have already access, because I assume you'll create a NEW folder.

Edited by Hannes123
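
An added example, not code from anyone in this thread: a Python sketch that builds the icacls calls for the eight-point permission list requested earlier in the thread and names the scope each inheritance flag combination stands for. The helper names, the allow-list pattern for user names and the sample lines are assumptions made for the example; each call is an argument list instead of a concatenated string, so a line from the text file cannot add extra icacls switches.

```python
import re
import subprocess

# icacls inheritance flags -> the "Applies to" label shown in the Windows ACL editor.
SCOPES = {
    (): "This folder only",
    ("OI", "CI"): "This folder, subfolders and files",
    ("CI",): "This folder and subfolders",
    ("OI",): "This folder and files",
    ("OI", "CI", "IO"): "Subfolders and files only",
    ("CI", "IO"): "Subfolders only",
    ("OI", "IO"): "Files only",
}
# Assumption: an allow-list stricter than Windows' own account-name rules.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,20}")

def scope_label(ace):
    """Scope of an icacls entry such as 'bob:(OI)(CI)(IO)(F)'."""
    present = set(re.findall(r"\((OI|CI|IO)\)", ace))
    key = tuple(f for f in ("OI", "CI", "IO") if f in present)
    return SCOPES.get(key, "Unrecognised flag combination")

def read_users(lines):
    """Names up to the END marker; fail before any folder is touched if one is unsafe."""
    users = []
    for raw in lines:
        name = raw.strip()
        if name == "END":
            break
        if not name:
            continue
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"refusing user name {name!r}")
        users.append(name)
    return users

def build_commands(base, user, operator, domain=""):
    """One argv list per icacls call for an existing user folder (hypothetical helper)."""
    folder = f"{base}\\{user}"
    principal = f"{domain}\\{user}" if domain else user
    grants = [
        ("BUILTIN\\Administrators", "(OI)(CI)(F)"),
        ("CREATOR OWNER", "(OI)(CI)(IO)(F)"),  # subfolders and files only
        (principal, "(OI)(CI)(F)"),
        (operator, "(OI)(CI)(F)"),
        ("NT AUTHORITY\\SYSTEM", "(OI)(CI)(F)"),
    ]
    cmds = [["icacls.exe", folder, "/inheritance:d"],
            ["icacls.exe", folder, "/remove:g", "BUILTIN\\Users"]]
    cmds += [["icacls.exe", folder, "/grant", f"{who}:{perm}"] for who, perm in grants]
    cmds.append(["icacls.exe", folder, "/setowner", "BUILTIN\\Administrators", "/T", "/C"])
    return cmds

def apply(cmds):
    """Run on Windows; check=True turns a non-zero icacls exit code into an exception."""
    for argv in cmds:
        subprocess.run(argv, check=True)

# Constructed sample input, in the shape of the thread's text file.
SAMPLE_LINES = ["alice", "", "bob.smith", "END", "ignored"]
```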


Posted

Hi Hannes,

just tried it again , I changed the two variables like you said , and it still did the same thing , opened hundreds of them and crashed my computer ..


#AutoIt3Wrapper_Change2CUI=y
#include <file.au3>

Dim $s_basefolder = "C:\"
Dim $s_inputfile = "C:\test.txt"
Dim $a_users

DirCreate($s_basefolder)

RunWait("icacls.exe " & $s_basefolder &  " /inheritance:d")
RunWait("icacls.exe " & $s_basefolder &  ' /remove:g "CREATOR OWNER"')
RunWait("icacls.exe " & $s_basefolder &  ' /remove:g "BUILTIN\Users"')

_FileReadToArray($s_inputfile, $a_users)

For $i = 1 To $a_users[0]
    DirCreate($s_basefolder & "\" & $a_users[$i] )
    RunWait("icacls.exe " & $s_basefolder & "\" & $a_users[$i] & " /grant " & $a_users[$i] & ":(OI)(CI)(RX,W,DC)")
Next


Posted (edited)

Well, pal what happens if you name your program "icacls" and you're trying to open "icacls" from that script?!?

--> Loop of death! :mellow:

Edited by Hannes123


Posted

duh !!!

ok my bad , never even thought of that , because i have the icacls.exe program on the c:\ and my folder stuff in a different folder .. sorry my bad !!!

but it still didn't work .. i made the folder this time and ended .. but still not setting the permissions or setting the users right ..

>"C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" /run /prod /ErrorStdOut /in "\\my docs\Folder Maker\icaclstest.au3" /autoit3dir "C:\Program Files\AutoIt3" /UserParams

+>09:51:14 Starting AutoIt3Wrapper v.2.0.3.0    Environment(Language:0409  Keyboard:00000409  OS:WIN_XP/Service Pack 3  CPU:X64 OS:X86)
>Running AU3Check (1.54.19.0)  from:C:\Program Files\AutoIt3
+>09:51:14 AU3Check ended.rc:0
>Running:(3.3.6.1):C:\Program Files\AutoIt3\autoit3.exe "\\my docs\Folder Maker\icaclstest.au3"
+>09:51:14 AutoIT3.exe ended.rc:0
>Exit code: 0    Time: 4.256


Posted


Put the icacls.exe in the same folder, as probably "C:\" is not in your "PATH" environment variable.

If you compile the script and start it from a command line (cmd.exe) you will see the output of icacls.exe in the same window.


Posted

well getting closer ..

it kinda worked .. it made the folder , gave local admin full control, deleted local user, gave system full control, and added the user of that folder in there and gave him some permissions ..

so just need to figure out, how to give the user full control, remove the inherit flag, set owner to local admin, and add me with full control .

LOL my head hurts !!!
