Re: Creating "Home" dirs via script
- From: "Al Dunbar [MS-MVP]" <alan-no-drub-spam@xxxxxxxxxxx>
- Date: Sat, 25 Feb 2006 16:48:41 -0700
"fabian" <fabian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A5965B00-7648-484B-8E3A-D66B33BB0162@xxxxxxxxxxxxxxxx
I have a question. After running this script for a user I noticed that in the
permissions for this share that the everyone group has access to this share.
Is this correct? Shouldn't only the user whose name was given be able to
access this share?
I hope so! But share access is only half the story; what NTFS permissions
are in effect?
Our standard is that all shares are permitted FULL to EVERYONE. We then
manage (or limit) access using NTFS permissions.
/Al
Thanks.
"Randy Reimers" wrote:
The script we use is at the bottom - run it, it opens up a box - you enter
the user's logon ID, it validates the name you typed in, creates the home
share (hidden), sets rights on the share, then pops up a "Done" box. You
need to have a security dll loaded - ADsSecurity.dll (not sure where to get
it). I am not sure if this was partially copied from other areas - if so,
thanks to the original author.
This script can be "wrapped" in another to create MANY home folders at the
same time - it took less than 2 minutes to create 300-400 at one time.
Your logon script would map the home drive letter to \\server\logonID$
Any questions, ask in the group.
Randy Reimers
"Mike M" <nospam@xxxxxxxxxx> wrote in message
news:%23UChC2aKGHA.3144@xxxxxxxxxxxxxxxxxxxxxxx
Our A-D environment disallows us to create home dirs in the User's
Properties part of the GUI. Thus, we need to create them manually.
I looked over at MS's scripting site for a way to mimic this script I
wrote to create a user's home dir in the Novell environment called
"adduser.bat". Simply type in "adduser jsmith" and the rest is done for
you (using the Novell's "rights.exe"):
Mkdir \\server1\vol\users\%1
z:\rights RWCEMF \\Server1\vol1\user\%1
Simple and to the point, which is nice.
Is there an equivalent script, or utility buried on a resource kit
somewhere that makes it this easy (or almost as easy) in a Windows server?
TIA,
Mike
strUserName = InputBox("Please Type the Username for this Share", "UserName") 'Get UserName
strComputer = "FPS01" 'Change This Line to Match Specific Server
strServerVolume = "D:\Users" 'Change This Line to Match Specific Server (ex. D:\)
strNetworkVolume = Replace(strServerVolume,":","$")
strAccountDomain = "dc=corp,dc=inet" 'Change this to your domain
strPermissionLevel = "M"

' The following variables are built based on the information above.
strServerHomePath = strServerVolume
strNetworkHomePath = "\\" & strComputer & "\" & strNetworkVolume
strServerSharePath = strServerHomePath & "\" & strUserName
strNetworkSharePath = strNetworkHomePath & "\" & strUserName
strShareName = strUserName & "$"

Const FILE_SHARE = 0
Public Const ADS_ACETYPE_ACCESS_ALLOWED = 0

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")
Set objFSO = CreateObject("Scripting.FileSystemObject")

QueryForUser strUserName, strAccountDomain

doesFolderExist = objFSO.folderExists(strNetworkSharePath)
If doesFolderExist = 0 then 'If Folder does not exist, create it via Network
    'Wscript.Echo strSharePath
    set objFolder = objFSO.CreateFolder(strNetworkSharePath)
    'Wscript.Echo objFolder
End If

doesFolderExist = objFSO.folderExists(strNetworkSharePath) 'Does the folder exist?
If doesFolderExist = -1 then 'If folder does exist, then create the share
    errReturn = objNewShare.Create(strServerSharePath, strShareName, FILE_SHARE)
End If

If errReturn = "0" then Wscript.Echo "The operation completed successfully."
If errReturn = "2" then Wscript.Echo "The operation could not be completed because access was denied."
If errReturn = "8" then Wscript.Echo "The operation could not be completed because of an unknown problem."
If errReturn = "9" then Wscript.Echo "The operation could not be completed because an invalid name was specified."
If errReturn = "10" then Wscript.Echo "The operation could not be completed because an invalid level was specified."
If errReturn = "21" then Wscript.Echo "The operation could not be completed because an invalid parameter was specified."
If errReturn = "22" then Wscript.Echo "The operation could not be completed because a share by this name already exists."
If errReturn = "23" then Wscript.Echo "The operation could not be completed because this is a redirected path."
If errReturn = "24" then Wscript.Echo "The operation could not be completed because the specified folder could not be found."
If errReturn = "25" then Wscript.Echo "The operation could not be completed because the specified server could not be found."
' Need to remove new Folder if created if Folder already shared.

SetNTFSPermissions strUserName, strPermissionLevel, strNetworkSharePath, strComputer

Sub QueryForUser(samAccountName,searchOU)
    strAcctName = samAccountName
    strOU = searchOU
    strLDAPquery = "<LDAP://" & strOU & ">;(&(objectCategory=User)"
    'Wscript.echo strOU
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = strLDAPquery & _
        "(samAccountName=" & strAcctName & "));samAccountName;subtree"
    Set objRecordSet = objCommand.Execute
    If objRecordset.RecordCount = 0 Then
        WScript.Echo strAcctName & " does not exist!"
        Wscript.Quit
    Else
        existsUserAccount = 1
    End If
    objConnection.Close
End Sub

' Set NTFS Permissions
Sub SetNTFSPermissions(strGroupName, strAccessLevel, strPermFolder, strComputer)
    If strAccessLevel = "R" then newAccessLevel = 1179817 ' 0x1200A9, Read & Execute
    If strAccessLevel = "M" then newAccessLevel = 1245631 ' 0x1301BF, Modify
    If strAccessLevel = "F" then newAccessLevel = 2032127 ' 0x1F01FF, Full Control
    ' 3 = OBJECT_INHERIT_ACE (1) + CONTAINER_INHERIT_ACE (2):
    ' the entry applies to files and subfolders below the folder
    newFlagLevel = 3
    Set sec = CreateObject("ADsSecurity")
    Set sd = sec.GetSecurityDescriptor("file://" & strPermFolder)
    Set dacl = sd.DiscretionaryAcl
    Set ace = CreateObject("AccessControlEntry")
    For Each ace in dacl
        ace.AceFlags = newFlagLevel
        If ace.Trustee = "BUILTIN\Users" then
            dacl.RemoveAce ace
        End If
    Next
    ' Add the allow entry for the user (or group) passed in
    Set ace = CreateObject("AccessControlEntry")
    ace.Trustee = strGroupName
    ace.AccessMask = newAccessLevel
    ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
    ace.AceFlags = newFlagLevel
    dacl.AddAce ace
    sd.DiscretionaryAcl = dacl
    sec.SetSecurityDescriptor sd
End Sub
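
The same job in PowerShell, as an added example that is not part of the thread or any poster's script: it checks the logon ID before it reaches a path or an ACL, sets the NTFS permissions, then creates the hidden share with Everyone at Full as described in the reply at the top. D:\Users is the root from the posted script; the CORP domain name, the allow-list pattern, and the Administrators/SYSTEM entries are assumptions, and the SmbShare cmdlets need Windows Server 2012 or later.

```powershell
# Added example, not from the thread. Run elevated on the file server.
# Assumptions: D:\Users root (as in the VBScript), NetBIOS domain CORP.
param(
    # Conservative allow-list (assumed), enforced before the name is used
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
    [string]$UserName,
    [string]$Root   = 'D:\Users',
    [string]$Domain = 'CORP'
)
$ErrorActionPreference = 'Stop'

# Fail before touching the disk if the account does not resolve to a SID
$account = New-Object System.Security.Principal.NTAccount($Domain, $UserName)
[void]$account.Translate([System.Security.Principal.SecurityIdentifier])

$path  = Join-Path $Root $UserName
$share = $UserName + '$'            # trailing $ hides the share from browsing
New-Item -ItemType Directory -Path $path -Force | Out-Null

# NTFS side: stop inheriting from $Root and discard the inherited entries,
# then drop any explicit entries left on a folder that already existed
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)
foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($old)
}
$rules = @(
    @{ Id = "$Domain\$UserName";      Rights = 'Modify' },
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },  # assumed
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }   # assumed
)
foreach ($r in $rules) {
    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $r.Id, $r.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $path -AclObject $acl

# Share side: Everyone gets Full, the NTFS ACL above does the limiting
if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $share -Path $path -FullAccess 'Everyone' | Out-Null
}

# Show both layers; access over the network is the more restrictive of the two
Get-SmbShareAccess -Name $share | Format-Table AccountName, AccessRight
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```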