Vbscript / Files And Folders / Replace Folder Ntfs Security Permissions
Script to replace the NTFS ACL on a folder, e.g. when creating a user profile folder or home directory. Requires ADsSecurity.dll to be registered: download the DLL, copy it to %SYSTEMROOT% and run regsvr32 %SYSTEMROOT%\ADsSecurity.dll.
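The example below grants Full Control on the folder to Domain Admins and a specified user. Because it is called in REPLACE mode, the entries already on the folder's ACL are removed before the new ones are added.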
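' Example: grant one user and Domain Admins Full Control ("F") on a home directory.
' "REPLACE" makes ChangeAcls remove the ACEs already on the folder before adding
' these two, so any trustee not listed here is dropped from the ACL.
strUser = "student2"

' A UNC path needs two leading backslashes; with a single one the path is not a
' UNC name and would not point at the users$ share on the server.
strHomeDir = "\\server\users$\test2"

ChangeAcls strHomeDir, "add(" & strUser & ":F)+add(domain admins:F)", "REPLACE", "FOLDER"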
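' ChangeAcls - edit the discretionary ACL (DACL) of a file or folder via ADsSecurity.dll.
'
'   FILE    - path of the file or folder; opened as "FILE://" & FILE.
'   PERMS   - "+"-separated entries of the form add(trustee:right) or del(trustee:right),
'             where right is one of the letters accepted by addace (F, C or R).
'   REDIT   - "REPLACE" removes every existing ACE before the new ones are added;
'             any other value keeps the existing ACEs and appends to them.
'   FFOLDER - "FOLDER" adds two inheritable ACEs per entry (flags 9 and 2);
'             any other value adds one ACE with no inheritance flags.
'
' NOTE(review): del(...) entries are recognised but never acted on - only add(...)
' entries change the ACL.
' The new DACL is written only after every entry has been parsed, so a malformed
' entry raises an error and leaves the folder's current permissions untouched.
Function ChangeAcls(FILE, PERMS, REDIT, FFOLDER)
    Const ADS_ACETYPE_ACCESS_ALLOWED = 0
    Const ADS_ACETYPE_ACCESS_DENIED = 1
    Const ADS_ACEFLAG_INHERIT_ACE = 2   ' container-inherit: passed on to subfolders
    Const ADS_ACEFLAG_SUB_NEW = 9       ' object-inherit (1) + inherit-only (8): passed on to files

    Dim objSEC, objSD, objDACL, existingAce, ace
    Dim cmdArray, x, entry, ACLAction, body, cmdParts, nameVar, rightVar
    Dim replaceMode, addedCount

    Set objSEC = WScript.CreateObject("ADsSecurity")
    Set objSD = objSEC.GetSecurityDescriptor("FILE://" & FILE)
    Set objDACL = objSD.DiscretionaryAcl

    replaceMode = (UCase(REDIT) = "REPLACE")
    If replaceMode Then
        ' Start from an empty list: every ACE currently in the DACL is dropped.
        For Each existingAce In objDACL
            objDACL.RemoveAce existingAce
        Next
    End If

    addedCount = 0
    cmdArray = Split(PERMS, "+")
    For x = 0 To UBound(cmdArray)
        entry = Trim(cmdArray(x))

        ' Reject entries that cannot be "xxx(name:right)" instead of failing later
        ' with an obscure subscript or argument error.
        If Len(entry) < 5 Or InStr(entry, ":") = 0 Then
            Err.Raise vbObjectError + 1, "ChangeAcls", _
                "Malformed permission entry: '" & entry & "'"
        End If

        If UCase(Left(entry, 3)) = "DEL" Then
            ACLAction = "DEL"
        Else
            ACLAction = "ADD"
        End If

        body = Left(entry, Len(entry) - 1)      ' drop the trailing ")"
        body = Right(body, Len(body) - 4)       ' drop the leading "add(" / "del("
        cmdParts = Split(body, ":")
        nameVar = cmdParts(0)
        rightVar = cmdParts(1)

        If ACLAction = "ADD" Then
            If UCase(FFOLDER) = "FOLDER" Then
                addace objDACL, nameVar, rightVar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_SUB_NEW
                addace objDACL, nameVar, rightVar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE
            Else
                addace objDACL, nameVar, rightVar, ADS_ACETYPE_ACCESS_ALLOWED, 0
            End If
            addedCount = addedCount + 1
        End If
    Next

    ' An emptied DACL with nothing added back grants access to nobody; refuse to
    ' write that rather than lock the folder.
    If replaceMode And addedCount = 0 Then
        Err.Raise vbObjectError + 2, "ChangeAcls", _
            "REPLACE requested but no add(...) entry was supplied; ACL left unchanged"
    End If

    ' Strip the "NT AUTHORITY\" prefix from built-in trustees, keeping only the part
    ' after the backslash. (The separator must be "\": InStr with an empty string
    ' returns 1 and would cut off just the first character of the name.)
    ' NOTE(review): presumably the prefixed form is not accepted on write-back - confirm.
    For Each ace In objDACL
        If InStr(UCase(ace.Trustee), "NT AUTHORITY") > 0 Then
            ace.Trustee = Right(ace.Trustee, Len(ace.Trustee) - InStr(ace.Trustee, "\"))
        End If
    Next

    objSD.DiscretionaryAcl = objDACL
    objSEC.SetSecurityDescriptor objSD
End Function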
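' addace - build one access control entry and append it to objDACL.
'
'   objDACL  - the access control list to extend (its AddAce method is called).
'   trustee  - account name the ACE applies to.
'   maskvar  - rights letter, case-insensitive:
'                "F" full control, "C" read + write + execute + delete, "R" read + execute.
'   acetype  - value stored in the ACE's AceType (the caller passes 0 for allow).
'   aceflags - value stored in the ACE's AceFlags (inheritance flags).
'
' Raises an error for any other rights letter. Without that check the ACE would be
' added with no access mask set, i.e. an entry that grants the trustee nothing.
Function addace(objDACL, trustee, maskvar, acetype, aceflags)
    Const RIGHT_READ = &H80000000           ' GENERIC_READ
    Const RIGHT_EXECUTE = &H20000000        ' GENERIC_EXECUTE
    Const RIGHT_WRITE = &H40000000          ' GENERIC_WRITE
    Const RIGHT_DELETE = &H10000            ' DELETE
    Const RIGHT_FULL = &H10000000           ' GENERIC_ALL
    Const RIGHT_CHANGE_PERMS = &H40000      ' WRITE_DAC (not used by any letter)
    Const RIGHT_TAKE_OWNERSHIP = &H80000    ' WRITE_OWNER (not used by any letter)

    Dim accessMask, objACE

    ' Resolve the mask first so a bad letter fails before anything is created or
    ' appended to the list.
    Select Case UCase(maskvar)
        Case "F"
            accessMask = RIGHT_FULL
        Case "C"
            accessMask = RIGHT_READ Or RIGHT_WRITE Or RIGHT_EXECUTE Or RIGHT_DELETE
        Case "R"
            accessMask = RIGHT_READ Or RIGHT_EXECUTE
        Case Else
            Err.Raise vbObjectError + 3, "addace", _
                "Unknown rights letter '" & maskvar & "' (expected F, C or R)"
    End Select

    Set objACE = CreateObject("AccessControlEntry")
    objACE.Trustee = trustee
    objACE.AccessMask = accessMask
    objACE.AceType = acetype
    objACE.AceFlags = aceflags
    objDACL.AddAce objACE
End Function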
Please note that a disclaimer applies to any code on this page.