Computer Performance, VBScript

Google

Web Search Site

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

How to Set File Permissions with CACLS and Excel

Guy recommends:
VBScript Training Video on CD

Computer Training Software

A VBScript for Setting File Permissions with CACLSCacls Example script excel

This page features the second and third parts of our mission to create user's home folders and employ CACLS to set the permissions.

CACLS is a command-line program ideal for scripting bulk changes to folders permissions.  What makes this CACLS example difficult, but realistic, is that it also creates the users folders from data stored in an Excel Spreadsheet.

Topics for Creating Folders and Setting Permissions with CACLS

This page deals with Stage 2 and 3 creating the home folders and setting the permissions with CACLS.  If you are not familiar with CACLS, here is a refresher for CACLS switches.

Our Mission and Goal

To recap, our mission is to create home directories for users, then assign permissions with CACLS.  The typical structure on a file server would be a shared folder called home, then each user has their own folder as a sub-directory under home.

If you create users home folders with the Active Directory Users and Computers then you can invoke the %username% variable, which not only creates a folder named after the user, but also sets the permission to username full control.

The problem arises if you bulk create users with CSVDE or VBScript, in such cases I find that %username% does not work, so we need an alternative method to create the home folders and set the permissions - a job for CACLS.

As ever the secret of scripting is to build up in stages. 
Stage 1: Introduction to CACLS. Simple example to set folder permission to Administrators full control.
Stage 2: Create the users (sub) folders.  Assumption we have the usernames in a spreadsheet.
Stage 3: Set the permissions on each user's folder to username: f and administrators: f.  (f= full control)

®

Stage 2: Create the users (sub) folders

This stage relies on VBScript creating a FileSystemObject (objFSO), which can read the spreadsheet containing the usernames for the folders.  Once we have the objFSO, we pass the spreadsheet cell values to a variable called strUser.  The Do Until... Loop structure cycles through each cell, reading the usernames in the first column.

Stage 3: Set the permissions on the user's folder

VBScript uses a sub routine to create the folder with the correct name and importantly, set the correct permissions with CACLS commands.  What we want is for each user to have full control of only their own folder.  Administrators are also assigned full control, but to everyone's folder.  I have to admit that Stage 3 is an extension of Stage 1, both deal with setting the CACLS permissions.

Prerequisites

You must have a server with a shared folder.  This is a script that will execute equally well on a Windows server or an XP machine.  Should you get permission errors, I recommend that you logon as administrator.

Instructions for Creating your Cacls VBScript

  1. Copy and paste the example script below into notepad or a VBScript editor.
  2. Change the value for strHomeFolder, especially the server name.
  3. Save the file with a .vbs extension, for example: Cacls.vbs 
  4. Double click Cacls.vbs and check the permissions with Windows Explorer for strHomeFolder.

Sample Script to Set CACLS permissions

 

 

' CaclsExcel.vbs
' Example VBScript to set Cacls
' Version 2.4 - September 2005
' ---------------------------------------------------------'
Option Explicit
Dim intRow, objExcel, objSheet, strPathExcel
Dim strHomeFolder, strHome, strUser
Dim objFSO, objShell, intRunError

' Note you will have to amend the following variables
strHome = "\\grand\home\"
strPathExcel = "E:\Scripts\newUsers.xls"
intRow = 3 ' Row 1 contains headings

' Open the Excel spreadsheet
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objExcel = CreateObject("Excel.Application")
Set objSheet = objExcel.Workbooks.Open(strPathExcel)

' Create a shell for cmd and CACLS
Set objShell = CreateObject("Wscript.Shell")

' Here is the loop that cycles through the cells
Do Until (objExcel.Cells(intRow,1).Value) = ""
strUser = objExcel.Cells(intRow, 1).Value
call HomeDir ' I decided to use a subroutine
intRow = intRow + 1
Loop
objExcel.Quit ' Clears up Excel

Sub HomeDir()
strHomeFolder = strHome & strUser
If strHomeFolder <> "" Then
If Not objFSO.FolderExists(strHomeFolder) Then
On Error Resume Next
objFSO.CreateFolder strHomeFolder
     If Err.Number <> 0 Then
     On Error GoTo 0
     Wscript.Echo "Cannot create: " & strHomeFolder
     End If
On Error GoTo 0
End If
     If objFSO.FolderExists(strHomeFolder) Then
     ' Assign user permission to home folder.
     intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls "_
     & strHomeFolder & " /t /c /g Administrators:f "_
     & strUser & ":F", 2, True)
        If intRunError <> 0 Then
        Wscript.Echo "Error assigning permissions for user " _
        & strUser & " to home folder " & strHomeFolder
        End If
    End If
End If
End Sub
objExcel.Quit

WScript.Quit

' End of Cacls example VBScript


VBScript Tutorial - Learning Points

Note 1: This VBScript example creates a FileSystemObject controlled by objFSO.  This is a classic file object which we can manipulate to extract excel values from the spreadsheet.

Note 2: Cacls operates in a cmd prompt, therefore, the script creates a shell object objShell.  The Run command calls for comspec rather than cmd.exe.
objShell.Run("%COMSPEC% /c Echo Y.  Note the Echo Y to close the box.

Note 3:  The permissions section is controlled by:
& strHomeFolder & " /t /c /g Administrators:f "_
& strUser & ":F", 2, True)

strHomeFolder is the path we want to change the permissions.
/t means trash the existing permissions.  Remove all permissions and add those specified by /g.
(/c  Tells the script to continue if there is an error).
/g Administrators:F Sets the new permissions for Administrators with full control.  Observe how this command sets the users permission: & strUser & '"F:".  The point is that the /g has two qualifiers, the administrators and the strUser.

Note 4: This script contains two sets of error-correcting code, one caters for cases where the folder does not exist, the other section alerts you if VBScript cannot set the permissions.

ˇ

Summary of Setting CACLS Permissions using Excel

Cacls is a command-line utility, which manipulates folder and file permissions.  It is particularly suited to scripting, Cacls is ideal for bulk changes to folder permissions, for example, users home folders.   This page gives you examples of reading from an Excel speadsheet.

Computer Training Software - Recommended Training VideosGuy Thomas recommends Computer Training Software

Their topics and material are ideal for getting you started with VBScript.  The videos are easy to follow and you can control the pace.  Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

See Also

CACLS   ● (Part 1) VBScript to Create Folders        ● WMI Examples


Introduction to VBScriptDownload my eBook:  Introduction to VBScript - only  $6.25

25+ scripts to get you started with VBScript.  Topics include Active Directory, Network, WMI, File System Object and the Registry.

In addition to the ebook, you get a PDF and a Word version of Introduction to VBScript.

 

 

 

 *

Google

WebThis Site

Free IP SLA MonitorFree IP SLA Monitor

The IP SLA Monitor not only helps to discover network bottlenecks, but also teaches you about router traffic.  See how effortlessly this free monitor analyzes and displays the IP statistics.

The key to configuring is to select the data most relevant to your network, for example, ping echo, DNS resolution times, or HTTP statistics.  Download a free copy of IP SLA Monitor

 

Home Copyright © 1999-2009 Computer Performance LTD All rights reserved

Please report a broken link, or an error.