Problem with CMD script for creating profile folders

[Calmsoul]

Hello everyone!

Right now I'm learning to administrate Windows Server 2003. I wrote a cmd script to create profile folders for my client users which I already created in Active Directory. The script creates the folder, changes some rights with cacls and sets the owner of the folder to the user account.

The script reads the usernames from a txt file in the same folder so I don't have to enter every user manually. It searches the destination folder if there already is a folder with the intended name and if so skips this name and goes on to next. There's just one "problem": If the folder is created by the script I have to manually confirm the changes done by cacls. I figured out a solution that worked, but stopped working after I put the cacls command into the ELSE argument of an IF command.

This is the code in question:

For /F %%I IN (Users.txt) DO @ (

If Exist "%Pfad%\%%I" (

echo.

echo.

echo Der Profilordner fuer Nutzer %%I existiert bereits...

) ELSE (

echo.

echo.

md "%Pfad%\%%I" <-- This command works inside and outside of the ELSE argument.

echo.

echo y > cacls "%Pfad%\%%I" /G %Domain%\%%I:F BUILTIN\Administrators:F "CREATOR OWNER":F "NT Authority"\System:F <-- This command just works outside the ELSE argument.

echo.

subinacl /file "%Pfad%\%%I" /setowner="%Domain%\%%I" <-- This command works inside and outside of the ELSE argument.

)

)

Without the "echo y >" part the command works just fine inside the ELSE. Has anyone an idea why this is the case and knows a solution?

Many thanks in advance!

[Tripredacus]

I'll move this post to scripting as it appears to be more related to your code than the OS.

[Calmsoul]

Ah Thx!

Hadn't seen this Forum, sorry for the trouble!

[allen2]

I would simply use xcacls (from the resource kit) instead of cacls.

But i would not let creator owner with full control on his homedir (he can delete it and if someone paste files in this folder the user won't be owner of those files). To avoid these problems, i usually set the following rights on a homedir folder:

- administrators: Full control

- system: Full control

- %user%: modify

- optionaly a backup group backup operators.

As most of the time i name homedir after the samid of the user, a simple for line is enough to set the perms for all folders:

for /f "delims=; usebackq" %%i in (`dir /b /ad e:\util`) do (xcacls E:\util\%%i /T /Y /C /P Administrators:F system:F Domain\%%i:C )

[Calmsoul]

Concerning the Owner rights: We were told to do this (and we were told why but I forgot the reason, have to ask again...^^) so take this as given

I tried xcacls while I wrote the script because cacls can not set the owner, but xcacls did not do it correctly (in fact it did nothing) even though it gave an "succesfull" as answer to my command. So I used subinacl for that. For everything else cacls is enough for my purpose so it's one programm less on the server^^ (I know this is just a bad excuse^^).

Now to the code you proposed: I'm not sure because I'm relatively new to this, but I thinke in your code is no check if the folder already exists, am I right? I want it in the script for the case there is a manually corrected right on the already existing folder so that it is not overwritten by the script.

Aside from the your proposes: Any idea why my code isn't working in the first place?^^

I hope my english is understandable as I don't use it very often...

Edited August 6, 2010 by Calmsoul

[Yzöwl]

Aside from the your proposes: Any idea why my code isn't working in the first place?^^

I would suggest because of this!

echo y > cacls "%Pfad%\%%I" /G %Domain%\%%I:F BUILTIN\Administrators:F "CREATOR OWNER":F "NT Authority"\System:F <-- This command just works outside the ELSE argument.

Without the "echo y >" part the command works just fine inside the ELSE. Has anyone an idea why this is the case and knows a solution?

I'm assuming your fix would be to replace the echo y > with echo y |

[Calmsoul]

I will try that on monday at work and will give a feedback. Thx for the answers!

[Calmsoul]

echo y | didn't work either.

Any other Ideas? *sigh*

[gunsmokingman]

Perhaps you could try this VBS script, run the script with cmd promt

I coded it so it will display what folders might be created and where

the code for the permission goes.

Save As MakeUserFolder.vbs

Change this before using

TxtFile = "COD4Servers.txt"

TxtFile = "The\Path\To\TxtFile.txt"

TxtFile = "TxtFile.txt"

Const ForReading = 1

Dim Act :Set Act = CreateObject("Wscript.Shell")
Dim Fso :Set Fso = CreateObject("Scripting.FileSystemObject")

Dim Folder, Name, Path
Dim Ts, TxtFile
Path = Act.CurrentDirectory 
'-> The File To Be Process
 TxtFile = "COD4Servers.txt"
 Set Ts = Fso.OpenTextFile(TxtFile,ForReading)
'-> Read The Text File
   Do Until Ts.AtEndOfStream
    Name = Ts.ReadLine
'-> Filter To Remove Blank Lines
    If Not Len(Name) = 0 Then
     Folder = Path & "\" & Name
'-> The Folder Does Not Exists 
     If Not Fso.FolderExists(Folder) Then
'-> Code Here To Add The Folder And Set Permissions
      WScript.Echo "Create Folder " & Folder
      WScript.Echo "Code Here For Permission" & vbCrLf 
      WScript.Sleep 250
     End If 
    End If 
   Loop
 Ts.Close 

[Yzöwl]

echo y | didn't work either.

Any other Ideas? *sigh*

The line you had was sending the letter y to a file with a name starting cacls.

The one I gave was simply my interpretation of what I thought you meant to do which was to send a y as a response to the cacls command.

In real terms I'm not aware of a reason why cacls would wait for a Y | N response so you should be able to start the line at cacls

You would also have to ensure that users.txt existed %Pfad% was defined, (Probably %USERPROFILE%\..), and of course that the %USERNAME% from users.txt actually existed.

[cluberti]

Slightly OT but still relevant, there are better ways to do permissions than using cacls, and those are xcacls.vbs, subinacl, or setacl, for what it's worth. It won't help you fix your script, but you should consider these alternatives if you do this often.