Re: Creating "Home" dirs via script



THANK YOU!!! This is exactly what we've needed!

Link to downloading the ADsSecurity.dll, it's in this SDK:
http://download.microsoft.com/msdownload/adsi/2.5/sdk/x86/en/Sdk.zip
Then you'll need to register the DLL by "regsvr32 ADsSecurity.dll".

We're using ABE that's an add-on for Win2003sp1, so share creation for each
user is no longer necessary. So I just rem'd out the 4 lines above the
errReturn section, and it worked 1st time!

THANK YOU!!

Mike




"Randy Reimers" <rreimers.nul@xxxxxxxxxxx> wrote in message
news:eYkIoAzKGHA.3408@xxxxxxxxxxxxxxxxxxxxxxx
The script we use is at the bottom - run it, it opens up a box - you enter
the user's logon ID, it validates the name you typed in, creates the home
share (hidden), sets rights on the share, then pops up a "Done" box. You
need to have a security dll loaded - ADsSecurity.dll (not sure where to
get it). I am not sure if this was partially copied from other areas - if
so, thanks to the original author.

This script can be "wrapped" in another to create MANY home folders at the
same time - it took less than 2 minutes to create 300-400 at one time.

Your logon script would map the home drive letter to \\server\logonID$

Any questions, ask in the group.

Randy Reimers

"Mike M" <nospam@xxxxxxxxxx> wrote in message
news:%23UChC2aKGHA.3144@xxxxxxxxxxxxxxxxxxxxxxx
Our A-D environment disallows us to create home dirs in the User's
Properties part of the GUI. Thus, we need to create them manually.

I looked over at MS's scripting site for a way to mimic this script I
wrote to create a user's home dir in the Novell environment called
"adduser.bat". Simply type in "adduser jsmith" and the rest is done for
you (using the Novell's "rights.exe"):

mkdir \\server1\vol\users\%1
z:\rights RWCEMF \\Server1\vol1\user\%1

Simple and to the point, which is nice.

Is there an equivalent script, or utility buried on a resource kit
somewhere that makes it this easy (or almost as easy) in a Windows
server?

TIA,
Mike



strUserName = InputBox("Please Type the Username for this Share", "UserName") 'Get UserName
strComputer = "FPS01" 'Change This Line to Match Specific Server
strServerVolume = "D:\Users" 'Change This Line to Match Specific Server (ex. D:\)
strNetworkVolume = Replace(strServerVolume, ":", "$")
strAccountDomain = "dc=corp,dc=inet" 'Change this to your domain
strPermissionLevel = "M"

' The following variables are built based on the information above.
strServerHomePath = strServerVolume
strNetworkHomePath = "\\" & strComputer & "\" & strNetworkVolume
strServerSharePath = strServerHomePath & "\" & strUserName
strNetworkSharePath = strNetworkHomePath & "\" & strUserName
strShareName = strUserName & "$"
Const FILE_SHARE = 0
Public Const ADS_ACETYPE_ACCESS_ALLOWED = 0

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Quits the script if the account is not found in the directory
QueryForUser strUserName, strAccountDomain

doesFolderExist = objFSO.folderExists(strNetworkSharePath)

If doesFolderExist = 0 then 'If Folder does not exist, create it via Network
    'Wscript.Echo strSharePath
    set objFolder = objFSO.CreateFolder(strNetworkSharePath)
    'Wscript.Echo objFolder
End If

doesFolderExist = objFSO.folderExists(strNetworkSharePath) 'Does the folder exist?

If doesFolderExist = -1 then 'If folder does exist, then create the share
    errReturn = objNewShare.Create(strServerSharePath, strShareName, FILE_SHARE)
End If

' Report the return code of Win32_Share.Create
If errReturn = "0" then Wscript.Echo "The operation completed successfully."
If errReturn = "2" then Wscript.Echo "The operation could not be completed because access was denied."
If errReturn = "8" then Wscript.Echo "The operation could not be completed because of an unknown problem."
If errReturn = "9" then Wscript.Echo "The operation could not be completed because an invalid name was specified."
If errReturn = "10" then Wscript.Echo "The operation could not be completed because an invalid level was specified."
If errReturn = "21" then Wscript.Echo "The operation could not be completed because an invalid parameter was specified."
If errReturn = "22" then Wscript.Echo "The operation could not be completed because a share by this name already exists."
If errReturn = "23" then Wscript.Echo "The operation could not be completed because this is a redirected path."
If errReturn = "24" then Wscript.Echo "The operation could not be completed because the specified folder could not be found."
If errReturn = "25" then Wscript.Echo "The operation could not be completed because the specified server could not be found."

' Need to remove new Folder if created if Folder already shared.

SetNTFSPermissions strUserName, strPermissionLevel, strNetworkSharePath, strComputer


Sub QueryForUser(samAccountName, searchOU)

    strAcctName = samAccountName
    strOU = searchOU

    strLDAPquery = "<LDAP://" & strOU & ">;(&(objectCategory=User)"
    'Wscript.echo strOU

    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    ' ADO LDAP dialect: <base>;(filter);attributes;scope
    objCommand.CommandText = strLDAPquery & _
        "(samAccountName=" & strAcctName & "));samAccountName;subtree"

    Set objRecordSet = objCommand.Execute

    If objRecordset.RecordCount = 0 Then
        WScript.Echo strAcctName & " does not exist!"
        Wscript.Quit
    Else
        existsUserAccount = 1
    End If

    objConnection.Close

End Sub

' Set NTFS Permissions
Sub SetNTFSPermissions(strGroupName, strAccessLevel, strPermFolder, strComputer)

    If strAccessLevel = "R" then newAccessLevel = 1179817 ' Read & Execute
    If strAccessLevel = "M" then newAccessLevel = 1245631 ' Modify
    If strAccessLevel = "F" then newAccessLevel = 2032127 ' Full Control
    newFlagLevel = 3 ' 3 = object inherit + container inherit: the ACE also applies to subfolders and files

    Set sec = CreateObject("ADsSecurity")
    Set sd = sec.GetSecurityDescriptor("file://" & strPermFolder)
    Set dacl = sd.DiscretionaryAcl
    Set ace = CreateObject("AccessControlEntry")

    ' Set the flags on every existing ACE and drop the BUILTIN\Users entry
    For Each ace in dacl
        ace.AceFlags = newFlagLevel
        If ace.Trustee = "BUILTIN\Users" then
            dacl.RemoveAce (ace)
        End If
    Next

    ' Add an allow ACE for the user
    Set ace = CreateObject("AccessControlEntry")

    ace.Trustee = strGroupName
    ace.AccessMask = newAccessLevel
    ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
    ace.AceFlags = newFlagLevel

    dacl.AddAce ace
    sd.DiscretionaryAcl = dacl
    sec.SetSecurityDescriptor sd

End Sub
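
The script above places the InputBox value directly into the LDAP filter and into the folder and share names. The following is an added example, not part of the original post, that checks the logon ID before either use; the function names, the sample inputs and the allowed-character policy are assumptions.

```vbscript
Option Explicit
' Added example, not from the original thread.
' Assumption: logon IDs at this site use only letters, digits, ".", "_" and "-",
' and are 1 to 20 characters long (20 is the sAMAccountName limit for users).

' True only if the ID is safe to place in a path, a share name and the query.
' The allowlist also rejects ";" (the ADO LDAP dialect separator), "\", "*",
' "(" and ")", so a rejected ID never reaches the filter or the file system.
Function IsSafeLogonId(strId)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeLogonId = re.Test(strId)
    If IsSafeLogonId Then
        ' Leading or trailing dots give names such as ".." that paths treat specially.
        If Left(strId, 1) = "." Or Right(strId, 1) = "." Then IsSafeLogonId = False
    End If
End Function

' Escape a value for use inside an LDAP search filter (RFC 4515).
' Kept as a second layer in case the allowlist is ever relaxed.
Function EscapeLdapFilterValue(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")   ' backslash first, so later escapes survive
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Build the same filter the script uses, from a checked and escaped ID.
Function BuildUserFilter(strId)
    BuildUserFilter = "(&(objectCategory=User)(samAccountName=" & _
        EscapeLdapFilterValue(strId) & "))"
End Function

' Constructed sample inputs: one normal ID and four that must be refused.
Dim samples, item
samples = Array("jsmith", "j*", "x)(objectClass=*", "..\Public", "a;b")
For Each item In samples
    If IsSafeLogonId(item) Then
        WScript.Echo "OK     " & item & "  filter: " & BuildUserFilter(item)
    Else
        WScript.Echo "REFUSE " & item & "  (escaped: " & EscapeLdapFilterValue(item) & ")"
    End If
Next
```

Run it with cscript.exe; in the script above, the check would sit right after the InputBox call, quitting before QueryForUser when IsSafeLogonId returns False.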


