Bulk home folder creation, sharing and set permission

TheMSsForum.com: The Microsoft Software Forum

Hi,
I have list of users in a csv file(300 users) and I have
to create a shared folder with the same name as their
userID, share them as userid$ and set individual
permissions for those folders. Only the Domain Admin and
the individual owner of the folder should have full access
to the folder. Can anyone help me out with this. Thanks in
advance.
Top

Re: Bulk home folder creation, sharing and set permission by Josh

Josh
Thu Feb 24 06:36:38 CST 2005

Avil wrote:
> Hi,
> I have list of users in a csv file(300 users) and I have
> to create a shared folder with the same name as their
> userID, share them as userid$ and set individual
> permissions for those folders. Only the Domain Admin and
> the individual owner of the folder should have full access
> to the folder. Can anyone help me out with this. Thanks in
> advance.
>
I tried setting ntfs permissions with vbscript a while back, and was
totally unsuccessful. YOu could however use cacls which ships with xp
(i think) to set the permissions, but this would require passing control
to a command shell each time u set permissions.
Top

Re: Bulk home folder creation, sharing and set permission by Randy

Randy
Mon Feb 28 11:30:34 CST 2005

Try this script - Change line 5 to match where you want the users home
folders on the server, line 7
to match your domain. The filename you enter in the prompt from line 3
should be like C:\user.txt,
could be hard-coded, and the text file has 1 user per line. The folder name
and share name will be
the same spelling as what is in your file, if the user does not exist, it
goes on the next entry.

Randy Reimers
Network Support

'---------------------begin script---------------------
strComputer = InputBox ("Please Enter the Servername for these Shares",
"Server") 'Get server from Command Line
strFilePath = InputBox ("Please enter the path and file that contains the
users to add", "users")

strServerVolume = "D:\Users" 'Change This Line to Match Specific Server
(ex. D:\)
strNetworkVolume = Replace(strServerVolume,":","$")
strAccountDomain = "dc=corp,dc=tcc,dc=inet"
strPermissionLevel = "M"
Public Const ADS_ACETYPE_ACCESS_ALLOWED = 0

' The following variables are built based on the information above.
strServerHomePath = strServerVolume
strNetworkHomePath = "\\" & strComputer & "\" & strNetworkVolume
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile(strFilePath, 1)
Do Until objFile.AtEndOfStream
strUserName = Trim(objFile.ReadLine)
If strUserName <> "" Then
CreateShare strUserName
End If
strAllUsers = strAllUsers & ", " & strUserName
Loop

WScript.Echo "Done with the list! Created:" & vbCrLf & strAllUsers

'Program ends - begin Subroutines
Sub CreateShare(strUserName)
strServerSharePath = strServerHomePath & "\" & strUserName
strNetworkSharePath = strNetworkHomePath & "\" & strUserName
strShareName = strUserName & "$"
Const FILE_SHARE = 0

Set objWMIService =
GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer &
"\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")

QueryForUser strUserName, strAccountDomain

doesFolderExist = objFSO.folderExists(strNetworkSharePath)

If doesFolderExist = 0 then 'If Folder does not exist, create it via
Network
'Wscript.Echo strSharePath
set objFolder = objFSO.CreateFolder(strNetworkSharePath)
'Wscript.Echo objFolder
End If

doesFolderExist = objFSO.folderExists(strNetworkSharePath) 'Does the
folder exist?

'Wscript.Echo doesFolderExist
'Wscript.Echo strServerSharePath
'Wscript.Echo strShareName

If doesFolderExist = -1 then 'If folder does exist, then create the
share
errReturn = objNewShare.Create(strServerSharePath, strShareName,
FILE_SHARE)
End If

' If errReturn = "0" then Wscript.Echo "The operation completed
successfully."
If errReturn = "2" then Wscript.Echo "The operation could not be
completed because access was denied."
If errReturn = "8" then Wscript.Echo "The operation could not be
completed because of an unknown problem."
If errReturn = "9" then Wscript.Echo "The operation could not be
completed because an invalid name was specified."
If errReturn = "10" then Wscript.Echo "The operation could not be
completed because an invalid level was specified."
If errReturn = "21" then Wscript.Echo "The operation could not be
completed because an invalid parameter was specified."
If errReturn = "22" then Wscript.Echo "The operation could not be
completed because a share by this name already exists."
If errReturn = "23" then Wscript.Echo "The operation could not be
completed because this is a redirected path."
If errReturn = "24" then Wscript.Echo "The operation could not be
completed because the specified folder could not be found."
If errReturn = "25" then Wscript.Echo "The operation could not be
completed because the specified server could not be found."

' Need to remove new Folder if created if Folder already shared.

SetNTFSPermissions strUserName, strPermissionLevel, strNetworkSharePath,
strComputer
End Sub

Sub QueryForUser(samAccountName,searchOU)

strAcctName = samAccountName
strOU = searchOU

strLDAPquery = "<LDAP://" & strOU & ">;(&(objectCategory=User)"
'Wscript.echo strOU

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

objCommand.CommandText = strLDAPquery & _
"(samAccountName=" & strAcctName & "));samAccountName;subtree"

Set objRecordSet = objCommand.Execute

If objRecordset.RecordCount = 0 Then
WScript.Echo strAcctName & " does not exist!"
Wscript.Quit
Else
existsUserAccount = 1
End If

objConnection.Close

End Sub

' Set NTFS Permissions
Sub SetNTFSPermissions(strGroupName, strAccessLevel, strPermFolder,
strComputer)

If strAccessLevel = "R" then newAccessLevel = 1179817
If strAccessLevel = "M" then newAccessLevel = 1245631
If strAccessLevel = "F" then newAccessLevel = 2032127
newFlagLevel = 3 ' Do not inherit permissions from parent folder

Set sec = CreateObject("ADsSecurity")
Set sd = sec.GetSecurityDescriptor("file://" & strPermFolder)
Set dacl = sd.DiscretionaryAcl
Set ace = CreateObject("AccessControlEntry")

For Each ace in dacl
ace.AceFlags = newFlagLevel
If ace.Trustee = "BUILTIN\Users" then
dacl.RemoveAce (ace)
End If
Next

Set ace = CreateObject("AccessControlEntry")

ace.Trustee = strGroupName
ace.AccessMask = newAccessLevel
ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
ace.AceFlags = newFlagLevel

dacl.AddAce ace
sd.DiscretionaryAcl = dacl
sec.SetSecurityDescriptor sd

End Sub
-------------------end script------------------------



"Josh Gilfillan" <oflig@bigpond.net.au> wrote in message
news:qTjTd.173867$K7.78756@news-server.bigpond.net.au...
> Avil wrote:
>> Hi, I have list of users in a csv file(300 users) and I have to create a
>> shared folder with the same name as their userID, share them as userid$
>> and set individual permissions for those folders. Only the Domain Admin
>> and the individual owner of the folder should have full access to the
>> folder. Can anyone help me out with this. Thanks in advance.
>>
> I tried setting ntfs permissions with vbscript a while back, and was
> totally unsuccessful. YOu could however use cacls which ships with xp (i
> think) to set the permissions, but this would require passing control to a
> command shell each time u set permissions.


Top