Code Script .co.uk


   Replace Folder Ntfs Security Permissions
 


This script replaces the NTFS ACL on a folder, for example when creating a user profile folder or home directory. It requires ADsSecurity.dll to be registered: download the DLL, copy it to %SYSTEMROOT% and run regsvr32 %SYSTEMROOT%\ADsSecurity.dll.

The example below calls the function in REPLACE mode, which removes every existing ACE on the folder and then adds Full Control (F) entries for Domain Admins and a specified user.


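' Account that receives access, and the folder whose ACL is rewritten
strUser = "student2"

strHomeDir = "\\server\users$\test2"

' REPLACE removes every existing ACE before the add(...) entries are applied
changeACLS  strHomeDir,"add(" & strUser & ":F)+add(domain admins:F)", "REPLACE", "FOLDER"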


Function ChangeAcls(FILE,PERMS,REDIT,FFOLDER)

 Const ADS_ACETYPE_ACCESS_ALLOWED = 0
 Const ADS_ACETYPE_ACCESS_DENIED = 1
 Const ADS_ACEFLAG_INHERIT_ACE = 2
 Const ADS_ACEFLAG_SUB_NEW = 9
    
 Set objSEC = Wscript.CreateObject("ADsSecurity")
 Set objSD = objSEC.GetSecurityDescriptor("FILE://" & FILE)
 Set objDACL = objSD.DiscretionaryAcl

 If UCase(REDIT)="REPLACE" Then
  For Each existingAce In objDACL
  objDACL.removeace existingace
  Next
 End If
    
 cmdArray=split(perms,"+")
  
 For x=0 to ubound(cmdarray)
 tmpVar1=cmdarray(x)
 If UCase(left(tmpVar1,3))="DEL" Then
  ACLAction="DEL"
 Else
  ACLAction="ADD"
 End If

 ' Strip the trailing ")" and the leading "add(" or "del(", leaving "name:right"
 tmpcmdVar=left(tmpVar1,len(tmpVar1)-1)
 tmpcmdVar=right(tmpcmdVar,len(tmpcmdVar)-4)
 cmdparts=split(tmpcmdVar,":")
 nameVar=cmdparts(0)
 rightVar=cmdparts(1)

 If ACLAction="ADD" Then
  If UCase(FFOLDER)="FOLDER" Then
   addace objDACL, namevar, rightvar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_SUB_NEW
   addace objDACL, namevar, rightvar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE
  Else
   addace objDACL, namevar, rightvar, ADS_ACETYPE_ACCESS_ALLOWED,0
  End If
 End If
 Next

 ' Drop the prefix up to and including the backslash from NT AUTHORITY trustees
 For Each ace in objDACL
  If instr(ucase(ace.trustee),"NT AUTHORITY") then
   newtrustee=right(ace.trustee, len(ace.trustee)-instr(ace.trustee, "\"))
   ace.trustee=newtrustee
  End If
 Next

 objSD.DiscretionaryAcl = objDACL
 objSEC.SetSecurityDescriptor objSD

End Function

Function addace(objDACL,trustee, maskvar, acetype, aceflags)

 Const RIGHT_READ = &H80000000
 Const RIGHT_EXECUTE = &H20000000
 Const RIGHT_WRITE = &H40000000
 Const RIGHT_DELETE = &H10000
 Const RIGHT_FULL = &H10000000
 Const RIGHT_CHANGE_PERMS = &H40000
 Const RIGHT_TAKE_OWNERSHIP = &H80000
    
 Set objACE = CreateObject("AccessControlEntry")
 objACE.Trustee = trustee
 
 ' F = full control, C = change, R = read; any other letter sets no access mask
 Select Case UCase(MaskVar)
  Case "F"
   objACE.AccessMask = RIGHT_FULL
  Case "C"
   objACE.AccessMask = RIGHT_READ or RIGHT_WRITE or RIGHT_EXECUTE or RIGHT_DELETE
  Case "R"
   objACE.AccessMask = RIGHT_READ or RIGHT_EXECUTE
 End Select

 objACE.AceType = acetype
 objACE.AceFlags = aceflags
 objDACL.AddAce objACE
End Function
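
The permission string passed to ChangeAcls is not checked by the parser above: a token without a colon stops the script with a subscript error, and a right other than F, C or R reaches addace with no mask selected. The validator below is an added example, not part of the original script; the function name ValidatePerms and the sample strings are assumptions made for illustration.

```vbscript
Option Explicit

' Added example: checks a ChangeAcls permission string such as
' "add(student2:F)+add(domain admins:F)". Returns "" when every token is one
' the page's parser handles, otherwise a description of the first problem.
Function ValidatePerms(perms)
    Dim tokens, i, tok, parts, msg
    msg = ""
    If Len(perms) = 0 Then msg = "empty permission string"
    tokens = Split(perms, "+")
    For i = 0 To UBound(tokens)
        tok = tokens(i)
        If UCase(Left(tok, 4)) = "DEL(" Then
            ' The page's ChangeAcls recognises DEL but has no branch that acts on it
            msg = "token " & i & ": del(...) is parsed but never acted on"
        ElseIf UCase(Left(tok, 4)) <> "ADD(" Or Right(tok, 1) <> ")" Then
            msg = "token " & i & ": expected add(name:right), got '" & tok & "'"
        Else
            ' Same slice the page's parser takes: between "add(" and ")"
            parts = Split(Mid(tok, 5, Len(tok) - 5), ":")
            If UBound(parts) <> 1 Then
                msg = "token " & i & ": need exactly one name:right pair"
            ElseIf Len(Trim(parts(0))) = 0 Then
                msg = "token " & i & ": empty trustee name"
            ElseIf Len(parts(1)) <> 1 Or InStr("FCR", UCase(parts(1))) = 0 Then
                msg = "token " & i & ": right '" & parts(1) & "' is not F, C or R"
            End If
        End If
        If msg <> "" Then Exit For
    Next
    ValidatePerms = msg
End Function

' Constructed sample inputs: the page's own string plus three malformed ones
Dim sample, result
For Each sample In Array("add(student2:F)+add(domain admins:F)", _
                         "add(student2:X)", "add(student2)", _
                         "add(student2:F)+ add(x:R)")
    result = ValidatePerms(sample)
    If result = "" Then result = "OK"
    WScript.Echo sample & " -> " & result
Next
```

Run it with cscript; in a provisioning script, call ValidatePerms before ChangeAcls and skip the ACL change when it returns a non-empty message.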





Please note that a disclaimer applies to any code on this page.
 