Set User rights of a folder


Is there a way to give a user or group account rights to a folder from within AutoIT? I can't seem to find the code on how to do it.

I use SetACL.exe via command line for that. Works on files, folders, shares, printers, registry, etc. Quite powerful.

:)

Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder. "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

OK, I'm totally lost. I don't get the examples. This is what I want to do.

***************************************************************
;Check to see if a file exists instead of a folder.
;If true, delete the file and then create the directory.
If FileExists("C:\pcupdates.*") Then
    FileDelete("C:\pcupdates.*")
    DirCreate("C:\PCUpdates")
EndIf

;Then, I want to see if the "User" account on the Win_2000 or Win_XP PC has Full permissions to the folder "C:\PCUpdates".
If . . . . . Then
    ;If not, then assign full permissions to the folder
EndIf
**************************************************************


That actually uses SetACL also, but the ActiveX vice .exe version (both downloaded from the same place):
$SetACL1 = ObjCreate("SetACL.SetACLCtrl.1")

I prefer SetACL.exe because adding the ActiveX version to every machine my script runs on requires lots of configuration management paperwork. I can just put SetACL.exe in the networked @ScriptDir and use it without installing anything that requires permission.

:)

The action "list" shows current entries:
-actn list

The action "ace" (Access Control Entry) adds entries:

-actn ace

Look again at the examples page and you'll see lots of examples of both.

:)


OK so this is what I have, but where do I call the SetACL.exe command? From within the AutoIT program or do I call a Batch file?

**************************************************************
If Not IsAdmin() Then
    RunAsSet('administrator', @ComputerName, 'password')
EndIf

If FileExists("C:\pcupdates.*") Then
    FileDelete("C:\pcupdates.*")
    DirCreate("C:\PCUpdates")
EndIf

;Where do I call this from inside this EXE ??????
SetACL.exe -on "C:\my dir" -ot file -actn ace -ace "n:user1;p:full"
**************************************************************

Like this:
$sUser = 'administrator'
$sDomain = @ComputerName
$sPass = 'password'

If IsAdmin() Then
    RunWait('SetACL.exe -on "C:\my dir" -ot file -actn ace -ace "n:user1;p:full"', @TempDir)
Else
    RunAsWait($sUser, $sDomain, $sPass, 4, 'SetACL.exe -on "C:\my dir" -ot file -actn ace -ace "n:user1;p:full"', @TempDir)
EndIf

Keeping in mind that it is a bad idea to code passwords into your scripts. Better to prompt the user for them with InputBox(), etc.

:)

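The advice in the answer above (prompt for the credential instead of coding it into the script), worked through as an added example that is not part of the original posts. It assumes SetACL.exe sits in @ScriptDir, reuses the thread's sample names `user1` and `C:\PCUpdates`, and treats a nonzero SetACL.exe exit code as failure.

```autoit
; Added example, not code from the thread. Assumptions: SetACL.exe is in
; @ScriptDir, "user1" and C:\PCUpdates are the thread's sample names, and a
; nonzero SetACL.exe exit code means the change failed.
#include <MsgBoxConstants.au3>

Local Const $sTarget = "C:\PCUpdates"
Local Const $sTrustee = "user1"
Local Const $sSetACL = @ScriptDir & "\SetACL.exe"

; A plain file with the folder's name blocks DirCreate, so remove it first.
If FileExists($sTarget) And Not StringInStr(FileGetAttrib($sTarget), "D") Then
    FileDelete($sTarget)
EndIf
If Not FileExists($sTarget) And Not DirCreate($sTarget) Then
    MsgBox($MB_ICONERROR, "SetACL", "Cannot create " & $sTarget)
    Exit 1
EndIf

; Quote the tool path and the object name so paths with spaces survive.
Local $sCmd = '"' & $sSetACL & '" -on "' & $sTarget & '" -ot file -actn ace' & _
        ' -ace "n:' & $sTrustee & ';p:full"'
Local $iExit = 0, $iErr = 0

If IsAdmin() Then
    $iExit = RunWait($sCmd, @TempDir, @SW_HIDE)
    $iErr = @error
Else
    ; Ask for the credential at run time; "*" masks the typed password.
    Local $sUser = InputBox("Run as administrator", "Account name:", "administrator")
    If @error Then Exit 1
    Local $sPass = InputBox("Run as administrator", "Password for " & $sUser & ":", "", "*")
    If @error Then Exit 1
    ; Logon flag 4 is the value used in the answer above.
    $iExit = RunAsWait($sUser, @ComputerName, $sPass, 4, $sCmd, @TempDir, @SW_HIDE)
    $iErr = @error
    $sPass = "" ; do not keep the password around longer than needed
EndIf

If $iErr Then
    MsgBox($MB_ICONERROR, "SetACL", "Could not start SetACL.exe, @error = " & $iErr)
    Exit 1
ElseIf $iExit <> 0 Then
    MsgBox($MB_ICONERROR, "SetACL", "SetACL.exe exit code " & $iExit)
    Exit $iExit
EndIf
```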

Thanks for your help. I appreciate your warning, but . . . how do you handle running script to update PC's when the user only has User rights??? We code in the Administrator account name and password to be able to run the script as an administrator.

The only reason that's a problem is because the user account is initiating the script in the first place. Either accomplish what you need remotely using the admin's authentication, or schedule it remotely with SCHTASKS.exe to run with admin/SYSTEM perms on the local box. You could also set up an Auto Admin Logon by remote registry, and then force a reboot, but that is risky because the login winds up in the registry in plain text.

The fact that the user is initiating the process is your first problem.

:)

Actually, we're a Novell shop and are using this (AutoIT) program to launch updates to the PCs. This allows us to change configurations on the fly (we don't have Zenworks yet). It is quite useful since our users only have "User" rights to the PC. We launch the AutoIT executables with our login script. So therein lies the need to have the admin name and password embedded.


  • 1 month later...

For everyone interested (maybe slightly OT); an example of how to use setacl.exe from within autoit (please see as well my complete script in the examples section):

; $s_ToolsShare     is the (network) folder where setacl.exe resides
; $s_ACLtool        is the name of the variant of setacl.exe to be used (x86 vs. x64)
; $arrACLobjects    is an array of file/directory objects whose ACLs are to be modified
;
; so: $s_ToolsShare & "\" & $s_ACLtool is the location and file name of setacl.exe
;
; revoke all access for "Everyone", "Users" and "Power Users"
; set full access for "Administrators" and "System"
; remove inherited permissions
; inherit the new ones recursively
;
$cmd = $s_ToolsShare & "\" & $s_ACLtool & " -on """ & $arrACLobjects[$i] & """ -ot file -actn ace -ace ""n:everyone;m:revoke"" -ace ""n:users;m:revoke"" -ace ""n:power users;m:revoke"" -ace ""n:S-1-5-32-544;p:full;s:y"" -ace ""n:S-1-5-18;p:full;s:y"" -actn setprot -op ""dacl:p_nc;sacl:p_nc"" -rec cont_obj"
RunWait(@ComSpec & " /c " & $cmd, "", @SW_HIDE)

Best Regards,

Christoph Herdeg

Edited by cherdeg