Re: Creating "Home" dirs via script



I have a question. After running this script for a user I noticed that in the
permissions for this share the Everyone group has access to this share.
Is this correct? Shouldn't only the user whose name was given be able to
access this share?

Thanks.

"Randy Reimers" wrote:

The script we use is at the bottom - run it, it opens up a box - you enter
the user's logon ID, it validates the name you typed in, creates the home
share (hidden), sets rights on the share, then pops up a "Done" box. You
need to have a security dll loaded - ADsSecurity.dll (not sure where to get
it). I am not sure if this was partially copied from other areas - if so,
thanks to the original author.

This script can be "wrapped" in another to create MANY home folders at the
same time - it took less than 2 minutes to create 300-400 at one time.

Your logon script would map the home drive letter to \\server\logonID$

Any questions, ask in the group.

Randy Reimers

"Mike M" <nospam@xxxxxxxxxx> wrote in message
news:%23UChC2aKGHA.3144@xxxxxxxxxxxxxxxxxxxxxxx
Our A-D environment does not allow us to create home dirs in the User's
Properties part of the GUI. Thus, we need to create them manually.

I looked over at MS's scripting site for a way to mimic this script I
wrote to create a user's home dir in the Novell environment called
"adduser.bat". Simply type in "adduser jsmith" and the rest is done for
you (using the Novell's "rights.exe"):

Mkdir \\server1\vol\users\%1
z:\rights RWCEMF \\Server1\vol1\user\%1

Simple and to the point, which is nice.

Is there an equivalent script, or utility buried on a resource kit
somewhere that makes it this easy (or almost as easy) in a Windows server?

TIA,
Mike



strUserName = InputBox ("Please Type the Username for this Share", "UserName") 'Get UserName
strComputer = "FPS01" 'Change This Line to Match Specific Server
strServerVolume = "D:\Users" 'Change This Line to Match Specific Server (ex. D:\)
strNetworkVolume = Replace(strServerVolume,":","$")
strAccountDomain = "dc=corp,dc=inet" 'Change this to your domain
strPermissionLevel = "M"

' The following variables are built based on the information above.
strServerHomePath = strServerVolume
strNetworkHomePath = "\\" & strComputer & "\" & strNetworkVolume
strServerSharePath = strServerHomePath & "\" & strUserName
strNetworkSharePath = strNetworkHomePath & "\" & strUserName
strShareName = strUserName & "$"
Const FILE_SHARE = 0
Public Const ADS_ACETYPE_ACCESS_ALLOWED = 0



Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")
Set objFSO = CreateObject("Scripting.FileSystemObject")

QueryForUser strUserName, strAccountDomain

doesFolderExist = objFSO.folderExists(strNetworkSharePath)

If doesFolderExist = 0 then 'If Folder does not exist, create it via Network
'Wscript.Echo strSharePath
set objFolder = objFSO.CreateFolder(strNetworkSharePath)
'Wscript.Echo objFolder
End If

doesFolderExist = objFSO.folderExists(strNetworkSharePath) 'Does the folder exist?

If doesFolderExist = -1 then 'If folder does exist, then create the share
errReturn = objNewShare.Create(strServerSharePath, strShareName, FILE_SHARE)
End If


If errReturn = "0" then Wscript.Echo "The operation completed successfully."
If errReturn = "2" then Wscript.Echo "The operation could not be completed because access was denied."
If errReturn = "8" then Wscript.Echo "The operation could not be completed because of an unknown problem."
If errReturn = "9" then Wscript.Echo "The operation could not be completed because an invalid name was specified."
If errReturn = "10" then Wscript.Echo "The operation could not be completed because an invalid level was specified."
If errReturn = "21" then Wscript.Echo "The operation could not be completed because an invalid parameter was specified."
If errReturn = "22" then Wscript.Echo "The operation could not be completed because a share by this name already exists."
If errReturn = "23" then Wscript.Echo "The operation could not be completed because this is a redirected path."
If errReturn = "24" then Wscript.Echo "The operation could not be completed because the specified folder could not be found."
If errReturn = "25" then Wscript.Echo "The operation could not be completed because the specified server could not be found."

' Need to remove new Folder if created if Folder already shared.

SetNTFSPermissions strUserName, strPermissionLevel, strNetworkSharePath, strComputer


Sub QueryForUser(samAccountName,searchOU)

strAcctName = samAccountName
strOU = searchOU

strLDAPquery = "<LDAP://" & strOU & ">;(&(objectCategory=User)"
'Wscript.echo strOU

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

objCommand.CommandText = strLDAPquery & _
"(samAccountName=" & strAcctName & "));samAccountName;subtree"

Set objRecordSet = objCommand.Execute

If objRecordset.RecordCount = 0 Then
WScript.Echo strAcctName & " does not exist!"
Wscript.Quit
Else
existsUserAccount = 1
End If

objConnection.Close

End Sub

' Set NTFS Permissions
Sub SetNTFSPermissions(strGroupName, strAccessLevel, strPermFolder, strComputer)

If strAccessLevel = "R" then newAccessLevel = 1179817
If strAccessLevel = "M" then newAccessLevel = 1245631
If strAccessLevel = "F" then newAccessLevel = 2032127
newFlagLevel = 3 ' OBJECT_INHERIT_ACE (1) + CONTAINER_INHERIT_ACE (2): the ACE propagates to files and subfolders

Set sec = CreateObject("ADsSecurity")
Set sd = sec.GetSecurityDescriptor("file://" & strPermFolder)
Set dacl = sd.DiscretionaryAcl
Set ace = CreateObject("AccessControlEntry")

For Each ace in dacl
ace.AceFlags = newFlagLevel
If ace.Trustee = "BUILTIN\Users" then
dacl.RemoveAce (ace)
End If
Next

Set ace = CreateObject("AccessControlEntry")

ace.Trustee = strGroupName
ace.AccessMask = newAccessLevel
ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
ace.AceFlags = newFlagLevel

dacl.AddAce ace
sd.DiscretionaryAcl = dacl
sec.SetSecurityDescriptor sd

End Sub
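
The script calls Win32_Share.Create with only Path, Name and Type, so the share receives the default share-level ACL (which includes Everyone) and access is limited only by the folder's NTFS ACL. The sketch below is an added example, not part of the original posts: it passes an explicit Access security descriptor so the share ACL names only the user. The NetBIOS domain name CORP, the logon ID jsmith and running it from a domain-joined machine are assumptions.

```vbscript
' Added example: create the home share with an explicit share-level ACL.
Const FILE_SHARE = 0
Const SHARE_CHANGE = 1245631        ' same "M" mask the script above uses
Const ACE_ACCESS_ALLOWED = 0
Const SE_DACL_PRESENT = 4

strComputer = "FPS01"               ' server name used in the script above
strDomain   = "CORP"                ' assumption: NetBIOS name of dc=corp,dc=inet
strUserName = "jsmith"              ' constructed sample logon ID
strFolder   = "D:\Users\" & strUserName   ' folder must already exist

' The SID lookup runs locally; the share is created on the file server.
Set objLocal  = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set objRemote = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")

Set objShareSD = BuildShareSD(objLocal, objRemote, strDomain, strUserName, SHARE_CHANGE)
Set objShare = objRemote.Get("Win32_Share")
Set objIn = objShare.Methods_("Create").InParameters.SpawnInstance_
objIn.Path   = strFolder
objIn.Name   = strUserName & "$"
objIn.Type   = FILE_SHARE
objIn.Access = objShareSD           ' the parameter the original call leaves out
Set objOut = objShare.ExecMethod_("Create", objIn)
WScript.Echo "Win32_Share.Create returned " & objOut.ReturnValue

' Builds a Win32_SecurityDescriptor whose DACL holds one allow ACE for the user.
Function BuildShareSD(objLookup, objTarget, strDom, strName, lngMask)
    Dim objAccount, objSID, objTrustee, objACE, objSD
    ' Resolve the account to a SID, then to the byte array Win32_Trustee needs.
    Set objAccount = objLookup.Get("Win32_UserAccount.Domain='" & strDom _
        & "',Name='" & strName & "'")
    Set objSID = objLookup.Get("Win32_SID.SID='" & objAccount.SID & "'")
    Set objTrustee = objTarget.Get("Win32_Trustee").SpawnInstance_
    objTrustee.Domain = strDom
    objTrustee.Name   = strName
    objTrustee.SID    = objSID.BinaryRepresentation
    Set objACE = objTarget.Get("Win32_ACE").SpawnInstance_
    objACE.AccessMask = lngMask
    objACE.AceType    = ACE_ACCESS_ALLOWED
    objACE.AceFlags   = 0           ' a share ACL has no children to inherit
    objACE.Trustee    = objTrustee
    Set objSD = objTarget.Get("Win32_SecurityDescriptor").SpawnInstance_
    objSD.ControlFlags = SE_DACL_PRESENT
    objSD.DACL = Array(objACE)
    Set BuildShareSD = objSD
End Function
```

Administrators who need to reach the share over the network would need their own ACE added to the DACL array.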


