Script to revoke home folder permission for users

    Question

  • We are in the process of migrating a file server to new hardware and need help with revoking permissions on home folders. We want users to manually copy only meaningful data from the old home drive to the new home drive. After 2 weeks, we want to restrict users by giving them only read access to their home folders, and after that we will delete the folders. So here is what I am looking for:

    A script to read user names from an input file (Notepad or Excel), get the homeDirectory attribute by querying AD, and reset the permission for the input user from full control to read only. All other permissions remain intact (e.g. Admins - Full control). Can somebody help me with a VBScript?

    Sandy.

    Friday, November 29, 2013 5:01 AM

Answers

  • Here is a closer bit, but you still have to work it out.  I recommend a book on basic scripting.

    Const strFile = "c:\user.txt"
    
    ' Bind to the domain and open an ADO connection for LDAP queries.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection
    strBase = "<LDAP://" & strDNSDomain & ">"
    strAttributes = "homeDirectory"
    
    Set WshShell = CreateObject("Wscript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    ' One logon name (sAMAccountName) per line in the input file.
    Set objFile = objFSO.OpenTextFile(strFile)
    Do Until objFile.AtEndOfStream
        strUser = Trim(objFile.ReadLine)
        ' Skip blank lines so an empty name never reaches the query or the command line.
        If strUser <> "" Then
            adoCommand.CommandText = strBase & ";(sAMAccountName=" & strUser & ")" & ";" & strAttributes & ";subtree"
            Set adoRecordset = adoCommand.Execute
            If Not adoRecordset.EOF Then
                strHomeDir = adoRecordset.Fields("homeDirectory").Value
                ' homeDirectory is Null when the attribute is not set; skip those users.
                If Not IsNull(strHomeDir) Then
                    ' Quote the path so folders containing spaces are passed as one argument.
                    intRunError = WshShell.Run("cacls """ & strHomeDir & """ /E /T /C /P " & strUser & ":R", 2, True)
                End If
            End If
            adoRecordset.Close
        End If
    Loop
    objFile.Close
     

    I am sure this is all very confusing but I really don't want to write this for you.  Start with the learning resources for this site.


    ¯\_(ツ)_/¯

    • Marked as answer by Santhosh4711 Thursday, December 12, 2013 5:25 AM
    Wednesday, December 11, 2013 8:06 AM

All replies

  • Did you look in the repository?  Have you tried to write a script?

    I recommend using ICACLS.

    Use a text file and FOR/F

    FOR /? at a prompt.


    ¯\_(ツ)_/¯


    • Edited by jrv Friday, November 29, 2013 6:47 PM
    Friday, November 29, 2013 5:59 AM
  • I managed to put together a script. It does the job pretty well. The only thing I have to give is the user logon name in a Notepad file; the script will read each user, retrieve the homeDirectory value from AD and reset the permission using CACLS. But there are minor bugs which I am not able to correct:

    1- If there is an invalid user, the script will retain the old homeDirectory value and try to assign permission on this folder for the invalid user. Anyway, this will not succeed while assigning permission since the user does not exist and I am using the /C parameter in CACLS (Note: I do not want to validate the user by querying AD because I want to save this time). So I think it's OK because anyway it's not going to make an impact.

    2- If there is a user in the list with no homeDirectory value assigned, script takes the last valid homeDirectory value and assign permission for this directory. Below is the script, can somebody correct it;

    =========================================================================

    strFile = "c:\user.txt"

    Const ForReading = 1

    intCount = 0
    intEnabledCount = 0

    Dim objRootDSE, strDNSDomain, adoCommand, adoConnection
    Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
    Dim strHomeDir
    Dim objFSO, strUsersFolder, objUsersFolder, objFolder

    '--------------------------------------------------------------------------------------------
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strFile, ForReading)
    Do until objfile.atEndOfStream 
    strUser = objFile.readline 
    On Error Resume Next
    Wscript.Echo strUser
    'Loop
    '-------------------------------------------------------------------------------------------
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    ' Use ADO to search Active Directory.
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    '--------------------------------------------------------------------------------------------
    ' Search entire domain.
    strBase = "<LDAP://" & strDNSDomain & ">"

    strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strUser &")" _
        & "(homeDirectory=*))"

    ' Comma delimited list of attribute values to retrieve.
    strAttributes = "homeDirectory"

    ' Construct the LDAP query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

    '--------------------------------------------------------------------------------------------
    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the resulting recordset.
    'Do Until adoRecordset.EOF
        ' Retrieve values.
        strHomeDir = adoRecordset.Fields("homeDirectory").Value
        'WScript.Echo strHomeDir
        'Loop
    '--------------------------------------------------------------------------------------------
    ' Set Permission using CACLS
    Dim WshShell
    Dim intRunError

    Set WshShell = CreateObject("Wscript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    intRunError = WshShell.Run("cacls " & strHomeDir & " /E /T /C /P " & strUser & ":R ", 2, True)
    Loop
    Wscript.Quit

    ==========================================================================




     
    Wednesday, December 11, 2013 7:22 AM
  • Your script is not likely to work because you have commented out all of the required lines. 

    Why?


    ¯\_(ツ)_/¯

    Wednesday, December 11, 2013 7:50 AM
  • Jrj,

    My Script works with a minor bug. I commented only comments and lines and not the actual script lines and that is for me to understand each part of the script.

    Your new script works perfectly. I think I had used unnecessary declarations and property definitions.  Thank you very much for the help. I am learning!

    Thursday, December 12, 2013 5:25 AM
  • There's good learning materials for VBScript here:

    http://technet.microsoft.com/en-us/scriptcenter/dd772284

    I really do recommend skipping VBScript and learning PowerShell instead, if you're able to:

    http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx


    Don't retire TechNet! - (Don't give up yet - 12,420+ strong and growing)

    Thursday, December 12, 2013 3:34 PM
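
Following the PowerShell and ICACLS recommendations in the replies, here is the same task as an added example (not code from any poster in this thread) that avoids the two bugs described above: a failed or empty lookup can never reuse the previous user's folder. It assumes the RSAT ActiveDirectory module is installed and reuses the thread's c:\user.txt input file; the name allow-list is a conservative assumption and will skip logon names that contain spaces.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and one logon name per line.
Import-Module ActiveDirectory

$userFile = 'c:\user.txt'

foreach ($line in Get-Content -Path $userFile) {
    $sam = $line.Trim()
    if ($sam -eq '') { continue }

    # Input from the file ends up in a directory lookup and on a command line,
    # so accept only a conservative character set (assumption, adjust to your naming scheme).
    if ($sam -notmatch '^[A-Za-z0-9._$-]{1,20}$') {
        Write-Warning "Skipping malformed entry: '$sam'"
        continue
    }

    # Look the user up; an unknown name is skipped instead of falling through.
    try {
        $user = Get-ADUser -Identity $sam -Properties HomeDirectory -ErrorAction Stop
    } catch {
        Write-Warning "User not found in AD: $sam"
        continue
    }

    # $homeDir is assigned fresh on every iteration, so no stale value survives.
    $homeDir = $user.HomeDirectory
    if ([string]::IsNullOrWhiteSpace($homeDir)) {
        Write-Warning "No homeDirectory set for $sam"
        continue
    }
    if (-not (Test-Path -LiteralPath $homeDir -PathType Container)) {
        Write-Warning "Home folder not reachable for ${sam}: $homeDir"
        continue
    }

    # Address the account by SID (icacls expects a leading '*') so the grant
    # cannot land on a different principal with a similar name.
    $principal = '*' + $user.SID.Value

    # /grant:r replaces the user's explicit grant with Read, inherited to files (OI)
    # and subfolders (CI); /T recurses, /C continues past per-file errors.
    # The path is passed as a single argument, so spaces in it are safe.
    & icacls.exe $homeDir /grant:r "${principal}:(OI)(CI)R" /T /C | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls reported errors for $sam on $homeDir (exit code $LASTEXITCODE)"
    }
}
```

`/grant:r` only replaces explicit entries for that user, so access the user gets through a group or an inherited entry is unchanged. A user who owns the folder can also change its ACL back, so check ownership before relying on the read-only state.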