04 April 2007

Reset Permissions Home Folder

 

I'm busy with a migration of two domains. One Domain will eventually be removed. This domain residence all of the user profiles and home folders. All the Home folders still uses the permissions of the old domain. Works perfectly at the moment, but when that domain will be removed it is going to be a problem.

That's why I'm going to copy the home and profile folders from a server in the old domain to a new server in the new domain. I Only have to change the permissions on the home folders to match to the "new" users. You can do this manually or use xcacls, but you have to do this for every folder individually.

I have written a script that changes the permissions on all of the subfolders in a specified folder automatically. It uses the foldername (that must match with a username in Active Directory) as a username to give permissions. It also gives the Domain Administrators group access. You can change this to your needs.

You still need XCACLS. This is part of the Windows 2003 Support tools. You can download them here. NOTE: It has to be run directly on the server or used with a network mapped drive. UNC-path won't work.

Download script here.

 

'============================================================================
' VBScript Source File
' NAME: Permissions Home Folder
' AUTHOR: Ruudvdh (WASTEIL)
' WEBSITE : http://wasteil.blogspot.com
' DATE  : 19-3-2007
' COMMENT: This script changes the permissions of all the subfolders in the
' specified folders. It uses the folder name and matches this with a username
' in Active Directory. Therefore the foldername must be equal to the username.
'
' Permissions  (See CONST UsrPerm1 & UsrPerm2:
' R = Read
' C = Change (write)
' F = Full control
' P = Change Permissions (Special access)
' O = Take Ownership (Special access)
' X = EXecute (Special access)
' E = REad (Special access)
' W = Write (Special access)
' D = Delete (Special access)
'
' !!!NEEDED PROGRAMS!!!
' XCACLS.EXE 
' This program is part of the Support Tools
' DOWNLOAD: 
' http://support.microsoft.com/kb/892777
'
'============================================================================

' DECLARING VARIABLES
Option Explicit
DIM Commando, Counter, Domain 
DIM Folder, iReturn, objFSO
DIM objShell, objSysInfo, rootFolder
DIM strFolder, strUser, SubFolders

' INSTANTIATING AN OBJECT PART1
SET objSysInfo     =     CreateObject("ADSystemInfo")
SET objFSO         =     CreateObject("Scripting.FileSystemObject")
SET objShell     =     wscript.createObject("wscript.shell")

' ASSIGNING VALUES TO VARIABLES
strFolder     =    Lcase(Inputbox(Ucase("Enter path Home folder") &VbCr &VbCr _
                &"Use the following syntax:" &VbCr _
                &"D:\Users\","Home-Folder","D:\Users\"))
Domain        =    objSysInfo.ForestDNSName & "\"

' INSTANTIATING AN OBJECT PART2
SET rootFolder     =     objFSO.GetFolder(strFolder)
SET SubFolders     =     rootFolder.SubFolders

' ASSIGNING VALUES TO CONSTANTS
' INFO: You can find the possible permissions in the comment
CONST Usr1        =    "Domain Admins" 
CONST UsrPerm1    =    "F"
CONST UsrPerm2    =    "RWC"

'================================CODE=========================================

IF objFSO.FolderExists(strFolder) THEN
    FOR Each Folder In SubFolders
        strUser     =     replace(Lcase(Folder),strFolder,"")
        commando     =     "xcacls " &Folder &" /g ""Domain Admins"":" &UsrPerm1 _ 
                        &" """ &Domain &strUser &""":" &UsrPerm2 &" /T /C /Y"
        iReturn     =     objShell.Run(commando)
        Counter     =     Counter + 1
        ' This sleep is specially done to not overload the system with 
        ' xcacls screens.
        wscript.sleep 1500
    NEXT
    wscript.echo "Finished!" &VBCR &Counter &" folders are reset."
ELSE
    wscript.Echo "Folder: " &Ucase(strFolder) &"  doesn't exist." &VbCr _
    &"Verify the location and try again."
    END IF

SET objSysInfo     =     NOTHING
SET objFSO         =     NOTHING
SET objShell     =     NOTHING
SET rootFolder     =     NOTHING
SET SubFolders     =     NOTHING
'=============================END=OF=CODE=====================================
wscript.quit

Posted by at

3 comments:

Jesse Rieger said...

I just wanted to say thank you very much for posting this very useful script.. It will save me a lot of time in the near future.

I commented out the "&" in the domain variable , there seems to be two "\" for the domain\user string.
ie. Domain=objSysInfo.ForestDNSName
'& "\"

Also, too.. For error checking of the subfolder loop, I put in iReturn = objShell.Run("%comspec% /K" & commando) to see the
individual CMD screens.

Thanks again.

Cheers,

- Jesse

April 10, 2008 at 12:39 AM
Unknown said...

I have tried to run this script on 2003 RC1 but it keeps on showing the parameters for xcacls.exe, doesn't seem to work. any ideas?

January 15, 2009 at 10:11 PM
Rehinna said...

Adoration to peruse it,Waiting For More new Update and I Already Read your Recent Post its Great Thanks. HOA Accounting Services

May 5, 2017 at 3:40 PM

Post a Comment

Subscribe to: Post Comments (Atom)