tazdev Posted October 6, 2005 Posted October 6, 2005 I am stuck. Here is what I need to do, I have a script that will run on the user's PC. It notes the OS and the network printers installed. After so many logins it even backs up the user's favorites. However, I am using a counter in the text file created so that it only backs up every 15th time. The problem is this: there has been a change in the security structure. The XP OS has it set so that regular user's have only read access to the main folder and subfolders. They have full access to the temp folder but since I have a counter in the TXT file and they clean that folder out I don't want it there. What I would like to know is: Is there a way to have a script that I run from my PC (I am an admin on all PC's) that will let me create a folder and set up the rights on the remote PC to allow users to have read/write permissions on that folder? I know how to create the folder but the folder has inherited rights. Those have the user with no write permissions. I need them to have write permissions. Any ideas? I am out of them.
Confuzzled Posted October 6, 2005 Posted October 6, 2005 Are you an admin, or are you not? If you are, then shouldn't you be able to achieve what you want by giving write access to all users for a particular folder? The other option is to change the 'security structure' but somehow I suspect you don't have control over that.
jefhal Posted October 6, 2005 Posted October 6, 2005 I know how to create the folder but the folder has inherited rights. Those have the user with no write permissions. I need them to have write permissions. Any ideas? I am out of them.This is a scrap from a gui that I use with Active Directory to change permissions on a remote machine. Please let me know if some of these lines are too cryptic and I'll translate. Basically I put the cacls.exe command into a batch file and then run it. Crude, but I don't have time to do any more with it and it works:Case $msg = $go $SysC = "\\" & $SysSelect & $path if FileExists($SysC) = 1 Then $TarFold = '"\\' & $SysSelect & StringTrimLeft($TarFold,StringInStr($TarFold,"c$")-2) $caclpath = "c:\winnt\system32\cacls.exe " & "" & $TarFold & "" & " /T /E /G everyone:" & _ $perm & " <\\server\yesfile" FileOpen("c:\temp\ChgFoldPerm.bat",2) FileWrite("c:\temp\ChgFoldPerm.bat",$caclpath) FileClose("c:\temp\ChgFoldPerm.bat") run(@comspec & ' /c ' & "c:\temp\ChgFoldPerm.bat") elseif FileExists($SysC) <> 1 Then msgbox(48,"System not online",$SysSelect & " is not on line at this time!") EndIf EndSelect ...by the way, it's pronounced: "JIF"... Bob Berry --- inventor of the GIF format
tazdev Posted October 7, 2005 Author Posted October 7, 2005 This is a scrap from a gui that I use with Active Directory to change permissions on a remote machine. Please let me know if some of these lines are too cryptic and I'll translate. Basically I put the cacls.exe command into a batch file and then run it. Crude, but I don't have time to do any more with it and it works:Looks like CACLS.EXE is what I am looking for. Yes I have admin rights (as I noted already) on ALL PC's. However, I do not want to change the current security structure instituted by our director. All I want to do is make an install that will push the backup routine to each PC I select, then change the permissions on the folder it will create so that the users have read/write access to it. This is not so much a problem with 2000 as it is with XP. 2000 is not set up that way but we are doing something different with XP.Thanks jefhal
Skruge Posted October 7, 2005 Posted October 7, 2005 This is not so much a problem with 2000 as it is with XP. 2000 is not set up that way but we are doing something different with XP.Make sure that "ForceGuest" is disabled on your XP systems. If it's turned on, you'll be authenticating as guest even though you should have admin rights.If they're XP Home edition, you're out of luck. [font="Tahoma"]"Tougher than the toughies and smarter than the smarties"[/font]
tazdev Posted October 10, 2005 Author Posted October 10, 2005 Tested and working used this line as the syntax. I modified it for the PC names and folder names. Worked very nicely. I looked on the target PC and checked the permissions. Domain Users has Read and Write rights and Admins have full control. Important to note that CACLS will REPLACE not add to the current security settings for the folder. echo y| CACLS "\\<PCNAME>\C$\<FOLDER>" /G "Domain Users":C Administrators:F
jefhal Posted October 10, 2005 Posted October 10, 2005 Important to note that CACLS will REPLACE not add to the current security settings for the folder.Look up these parameters to avoid REPLACE: /T /E /G ...by the way, it's pronounced: "JIF"... Bob Berry --- inventor of the GIF format
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now