none
icacls vbscript - disabling inheritance and removing permissions a security group RRS feed

  • Question

  • Hi all,

    I have been working on a script to do what the subject line says but I'm really not getting anywhere. I feel as though I'm almost there, but I just can't figure out the last part.

    My script is as follows:

    Option Explicit
    
    'Declare Variables
    Dim strProjectsFolder, strProjectNumber, strCostingsPath, strProjectsLTDGroup
    
    'Set Variables
    strProjectsFolder = "\\ac1fpcov01.za.if.atcsg.net\Business\Delegation IT\Projects\"
    strProjectNumber = InputBox("Please enter the new Project Number", "Project Number")
    strCostingsPath = strProjectsFolder & strProjectNumber & "\02. Costing"
    strProjectsLTDGroup = "AC1-LS-Finance SSC"
    
    SetPermissions 
    
    Function SetPermissions()
    	Dim intRunError, objShell, objFSO
    	
    	Set objShell = CreateObject("Wscript.Shell")
    	Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    	If objFSO.FolderExists(strCostingsPath) Then
    		WScript.Echo "You're changing the permissions on " & strCostingsPath
    'Remove inheritance from subfolders and files
    		intRunError = objShell.Run ("%COMSPEC% /c Echo Y| ICACLS.EXE " & strCostingsPath & " /inheritance:d /remove:g AC1-LS-Finance SSC:(OI)(CI) ", 2, True)
    		If intRunError <> 0 Then
    			Wscript.Echo "Error removing inheritance from " & strCostingsPath
    		End If
    'Remove all permissions granted to the group
    		'intRunError = objShell.Run ("ICACLS.EXE " & strCostingsPath & " /T /remove:g strProjectsLTDGroup ", 2 True)
    		'If intRunError <> 0 Then
    			'Wscript.Echo "Error removing permissions for" & strProjectsLTDGroup " from " & strCostingsPath
    		'End If
    		Else
    			WScript.Echo "Error: Project Folder " & strProjectNumber & " does not exist."
    	End If
    End Function
    
    WScript.Quit

    I've REMd some lines to simplify while I debug, so I'm currently focusing on the removal of inheritance. I figured if I got that bit right I could move onto the removal of permissions, either in a second IF statement or in the same command line.

    But basically, what the script is doing is:
    1. Ask the user for the Project number (e.g. P33333)
    2. Set variables for the file / folder location based on the project folder on the server
    3. Check that the project folder exists, and show a message with the subfolder on which the permissions are being changed.
    4. Run the ICACLS command with the /inheritance:d /T switch to disable inheritance on the project subfolder and all subfolders and files.
    5. I've included inRunError to capture any errors, and added another IF statement to show which part of the script is showing the error (only the inheritance section is active at the moment).
    6. Finally, an Error trap in case the project folder was entered incorrectly.

    Run the script, and all I get is the inRunError that the inheritance command isn't working.

    I've taken the exact same command and entered it into a bat file and it works perfectly fine. But in a script it fails every time. I've tried taking all the variables out and working with a skeleton script and still nothing.

    So it leads me to believe that I'm either trying to do something with the command that isn't possible, or vbscript just doesn't like me.

    Any help would be greatly appreciated.

    Thanks

    Chris

    PS. I'm also using COMSPEC to call the command line interface as the command could be launched on different OS versions.

    Friday, September 26, 2014 12:42 PM

Answers

  • strCmd = "cmd /k ICACLS.EXE """ & strCostingsPath & """ /inheritance:d /remove:g AC1-LS-Finance SSC:(OI)(CI) "

    ¯\_(ツ)_/¯

    • Marked as answer by ChrisCoops Friday, September 26, 2014 1:49 PM
    Friday, September 26, 2014 1:36 PM

All replies

  • I should also add, clearly the folder is on a network location. My user account does already have full control permissions over the folder.

    It is also an AD security group that I am changing the permissions of in the second part of the script, again it works as-is in a bat file, but not in the script.

    Friday, September 26, 2014 1:08 PM
  • Run it like this and look at the error.

    strCmd = "cmd /k ICACLS.EXE " & strCostingsPath & " /inheritance:d /remove:g AC1-LS-Finance SSC:(OI)(CI) "
    intRunError = objShell.Run (strCmd,1,True)


    ¯\_(ツ)_/¯

    Friday, September 26, 2014 1:16 PM
  • Thanks jrv.

    error message is

    Invalid parameter "IT\Projects\P33333\02."

    So looks like it it's because of a space within the string variable that I'm declaring. Need to find out how to enclose the string in additional quotation marks...

    • Marked as answer by ChrisCoops Friday, September 26, 2014 1:49 PM
    • Unmarked as answer by ChrisCoops Friday, September 26, 2014 1:49 PM
    Friday, September 26, 2014 1:28 PM
  • strCmd = "cmd /k ICACLS.EXE """ & strCostingsPath & """ /inheritance:d /remove:g AC1-LS-Finance SSC:(OI)(CI) "

    ¯\_(ツ)_/¯

    • Marked as answer by ChrisCoops Friday, September 26, 2014 1:49 PM
    Friday, September 26, 2014 1:36 PM
  • Perfect. Cheers very much!
    Friday, September 26, 2014 1:49 PM