v3rt1g0 Posted March 4, 2008 Share Posted March 4, 2008 I'm running the following command locally on the target machine, and while it says the command completed, %windir%\auto does not have the permissions set. D:\>\\server\share\bin\setacl.exe -on "%windir%\auto" -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full" Processing ACL of: <\\?\D:\WINDOWS\auto> SetACL finished successfully. What's wrong with the above syntax? I find it strange that it says "\\?\D:\WINDOWS\auto", as if it's trying to set a remote share. Link to comment Share on other sites More sharing options...
v3rt1g0 Posted March 4, 2008 Author Share Posted March 4, 2008 Also, this is being run after the following AutoIt script which creates and shares the folder. Dim $machine, $windows, $WMIService, $NewShare, $errReturn ;================================================================ ; If %windir%\auto does not exist, create it and share it ;================================================================ $machine = @ComputerName $windows = @WindowsDir $os = @OSVersion If Not FileExists("" & $windows & "\auto") Then If $os = "WIN_VISTA" Then DirCreate("" & $windows & "\auto") Run("\\server\share\vista_auto_share.cmd") ElseIf $os = "WIN_XP" or "WIN_2000" or "WIN_2003" Then DirCreate("" & $windows & "\auto") $WMIService = ObjGet("winmgmts:" & "{impersonationLevel=impersonate}!\\"& $machine & "\root\cimv2") $NewShare = $WMIService.Get("Win32_Share") $errReturn = $NewShare.Create("" & $windows & "\auto", "auto", 0, 10, "Install automation") RunWait('\\server\share\setacl.exe -on "%windir%\auto" -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full"') EndIf EndIf Link to comment Share on other sites More sharing options...
Legacy99 Posted March 4, 2008 Share Posted March 4, 2008 Never used setacl yet but maybe this will work? RunWait('\\server\share\setacl.exe -on ' & @WindowsDir & ' \auto -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full"') or RunWait('\\server\share\setacl.exe -on ' & $windows & ' \auto -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full"') I have not tested it but I would think that %windir% would be interpreted as %windir% and not C:\windows. Maybe I'm wrong. Link to comment Share on other sites More sharing options...
v3rt1g0 Posted March 4, 2008 Author Share Posted March 4, 2008 I don't think that's the problem. I've even tried it with a hardcoded path:\\server\share\setacl.exe -on d:\windows\auto -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full"..and I get the same result. I think it must be something with the -ace portion, but I seem to be using the syntax that is given on the setacl examples page.Never used setacl yet but maybe this will work? RunWait('\\server\share\setacl.exe -on ' & @WindowsDir & ' \auto -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full"')orRunWait('\\server\share\setacl.exe -on ' & $windows & ' \auto -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full"')I have not tested it but I would think that %windir% would be interpreted as %windir% and not C:\windows. Maybe I'm wrong. Link to comment Share on other sites More sharing options...
PsaltyDS Posted March 4, 2008 Share Posted March 4, 2008 (edited) I don't think that's the problem. I've even tried it with a hardcoded path:\\server\share\setacl.exe -on d:\windows\auto -ot file -actn ace -ace "n:domain\userone;p:full" -ace "n:domain\usertwo;p:full"..and I get the same result. I think it must be something with the -ace portion, but I seem to be using the syntax that is given on the setacl examples page.I use SetACL.exe in some of my scripts, and your syntax look correct to me. I even tested it with %MyDir% for the path, and it worked (in my scripts I always parse the path in AutoIt, so it's a literal string by the time it gets to the command line). Of course the user running the SetACL instance must have sufficient rights to make the changes, but even if they didn't you should see an error from it, not a success message. P.S. The "<\\?\D:\WINDOWS\auto>" syntax is the correct message for a local path, too. That's not the problem, unless you're setting the ACL on D: and then checking it on C:. Edited March 4, 2008 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Legacy99 Posted March 5, 2008 Share Posted March 5, 2008 I've run into problems with Anti Viri software stopping me from running programs from the temp directories, changes to system files, editing the hosts file, sending email, you get the idea. Anything like that blocking (or intercepting) the script? just a thought I ran it at home, (no domain), and this worked $source = "c:\Setacl" RunWait($source& '\setacl.exe -on ' &@WindowsDir& '\auto -ot file -actn ace -ace "n:TonyStark;p:full"') ; <-yes I made a new user called Tony Stark. DA DA DA DAA DAAAA. I left off the "%domain/computername%" and TonyStark was added to the folder. I will have to test tomorrow on a domain with multiple users to see if it works. (Oh, and for the record I tried it with %windir% and it breaks the above) Link to comment Share on other sites More sharing options...
v3rt1g0 Posted March 6, 2008 Author Share Posted March 6, 2008 OK, I was using the wrong syntax for shares. It's working now.It was indeed setting *file* permissions correctly before, but not the share permissions, which is what I wanted.Change from: \\server\share\bin\setacl.exe -on "%windir%\auto" -ot file -actn ace -ace "n:domain\usrone;p:full" -ace "n:domain\usrtwo;p:full"Change to: \\server\share\bin\setacl.exe -on auto -ot shr -actn ace -ace "n:domain\usrone;p:full" -ace "n:domain\usrtwo;p:full" Link to comment Share on other sites More sharing options...
PsaltyDS Posted March 6, 2008 Share Posted March 6, 2008 OK, I was using the wrong syntax for shares. It's working now.It was indeed setting *file* permissions correctly before, but not the share permissions, which is what I wanted.Change from: \\server\share\bin\setacl.exe -on "%windir%\auto" -ot file -actn ace -ace "n:domain\usrone;p:full" -ace "n:domain\usrtwo;p:full"Change to: \\server\share\bin\setacl.exe -on auto -ot shr -actn ace -ace "n:domain\usrone;p:full" -ace "n:domain\usrtwo;p:full"Here, I'll loan you a "Doh!" ===> Don't worry, I have LOTS of them! Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
KSum Posted March 7, 2008 Share Posted March 7, 2008 OK, I was using the wrong syntax for shares. It's working now.If it helps any, this thread was most timely. I was looking to write a script to batch permissions over various servers and may not have found such a simple solution without this thread. So I am here to thank you for having an error... Karl Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now