Script: NTFS rights on user home directories

This is a normal Windows setup where each user has a home folder on the file server. All users are connected to their \\fileserver\home$\%username% share via GPO at logon. However, we found that some of the folders had permissions that were messed up, so I wrote a quick script that loops through all folders and checks whether a matching user account exists in the domain; if not, it moves the directory to the __unconnected__ folder. For all known users it uses the cacls command to set rights for the user and the administrators only. If you need something else, just edit the cacls command before you run it. The script is provided as is; feel free to modify it.


[vb]
Option Explicit
' ON ERROR RESUME NEXT
Dim path, objRoot, domainname, fso, rootFolder, folder, objShell, intRunError, unconnectedPath
path = InputBox("Enter path of homedirs:")

' Get current domain
If domainname = "" Then
    Set objRoot = GetObject("LDAP://RootDSE")
    domainname = objRoot.Get("defaultNamingContext")
End If

' Setup FSO connection
Set fso = CreateObject("Scripting.FileSystemObject")
Set rootFolder = fso.GetFolder(path)
Set objShell = WScript.CreateObject("WScript.Shell")

' Folder that receives home directories with no matching user account
unconnectedPath = fso.BuildPath(rootFolder.Path, "__unconnected__")
If Not fso.FolderExists(unconnectedPath) Then fso.CreateFolder unconnectedPath

' Go through all homedir folders
For Each folder In rootFolder.SubFolders
    If FindUser(folder.Name, domainname) = 1 Then
        ' Folder found, reset the permissions (path is quoted so names with spaces work)
        WScript.Echo folder.Name & " - has a user connected! Resetting the permissions..."
        intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & folder.Path & """ /t /c /g Administrators:F ""Domain Admins"":F " & folder.Name & ":F", 1, True)
        If intRunError <> 0 Then
            WScript.Echo folder.Name & " - ERROR assigning rights!"
            WScript.Echo intRunError
        Else
            WScript.Echo folder.Name & " - Rights assigned!"
        End If
    ElseIf FindUser(folder.Name, domainname) = 0 Then
        ' This folder isn't connected, move it into __unconnected__
        If folder.Name <> "__unconnected__" Then
            WScript.Echo folder.Name & " - doesn't have a user connected! Moving to __unconnected__"
            ' The trailing backslash makes MoveFolder move INTO the folder instead of renaming to it
            fso.MoveFolder folder.Path, unconnectedPath & "\"
        End If
    Else
        WScript.Echo "ERROR: Connection to AD failed!"
    End If
Next

Set objRoot = Nothing
Set fso = Nothing
Set rootFolder = Nothing
Set objShell = Nothing

' Function to check if user exists: 1 = found, 0 = not found, 2 = AD query failed
Function FindUser(ByVal UserName, ByVal Domain)
    Dim cn, cmd, rs
    Set cn = CreateObject("ADODB.Connection")
    Set cmd = CreateObject("ADODB.Command")

    ' Trap errors locally so a failed AD query is reported instead of aborting the whole run
    On Error Resume Next
    Err.Clear
    cn.Open "Provider=ADsDSOObject;"

    cmd.ActiveConnection = cn
    cmd.CommandText = "SELECT ADsPath FROM 'LDAP://" & Domain & _
        "' WHERE sAMAccountName = '" & UserName & "'"

    Set rs = cmd.Execute

    If Err.Number <> 0 Then
        FindUser = 2
        WScript.Echo "Error connecting to Active Directory Database: " & Err.Description
    Else
        If Not rs.BOF And Not rs.EOF Then
            rs.MoveFirst
            FindUser = 1
        Else
            FindUser = 0
        End If
        rs.Close
    End If
    On Error GoTo 0

    ' adStateOpen = 1; only close a connection that actually opened
    If cn.State = 1 Then cn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set cn = Nothing
End Function
[/vb]
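The same job in PowerShell, as an added example that is not the post's script: it checks each home folder for a matching AD account, reports any ACE held by someone outside the expected set, and only moves or resets anything when -Fix is passed (with -WhatIf support). It assumes the RSAT ActiveDirectory module is installed; the allowed-principal list is an assumption to tune to your own baseline.

```powershell
# Added example, not the post's script. Assumes the ActiveDirectory module (RSAT)
# is installed and the caller can read every folder's ACL. Nothing changes unless -Fix is given.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)] [string] $HomeRoot,
    [switch] $Fix
)
Import-Module ActiveDirectory

$domain  = (Get-ADDomain).NetBIOSName
$orphans = Join-Path $HomeRoot '__unconnected__'
# Principals allowed on any home directory besides its owner (assumed baseline; tune as needed).
$allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', "$domain\Domain Admins")

foreach ($dir in Get-ChildItem -Path $HomeRoot -Directory | Where-Object Name -ne '__unconnected__') {
    $name = $dir.Name
    # Returns $null when no account matches; -ErrorAction Stop aborts the run if AD is unreachable.
    $user = Get-ADUser -Filter { sAMAccountName -eq $name } -ErrorAction Stop

    if (-not $user) {
        Write-Warning "$name : no matching AD account"
        if ($Fix -and $PSCmdlet.ShouldProcess($dir.FullName, "move to $orphans")) {
            if (-not (Test-Path $orphans)) { New-Item -ItemType Directory -Path $orphans | Out-Null }
            Move-Item -Path $dir.FullName -Destination $orphans
        }
        continue
    }

    # Detection: any ACE held by someone other than the owner or the admin set is worth a look.
    $extra = (Get-Acl -Path $dir.FullName).Access | Where-Object {
        $_.IdentityReference.Value -notin $allowed -and
        $_.IdentityReference.Value -ne "$domain\$name"
    }
    foreach ($ace in $extra) {
        Write-Warning ('{0}: unexpected ACE {1} {2} {3}' -f $name, $ace.IdentityReference, $ace.AccessControlType, $ace.FileSystemRights)
    }

    if ($Fix -and $extra -and $PSCmdlet.ShouldProcess($dir.FullName, 'reset ACL')) {
        # Equivalent of the post's cacls line, via icacls: reset the tree, drop inheritance on the
        # root and grant only Administrators, Domain Admins, SYSTEM and the user; (OI)(CI) cascades.
        & icacls.exe $dir.FullName /reset /t /c /q | Out-Null
        & icacls.exe $dir.FullName /inheritance:r /grant:r 'Administrators:(OI)(CI)F' `
            "$domain\Domain Admins:(OI)(CI)F" "$domain\${name}:(OI)(CI)F" 'SYSTEM:(OI)(CI)F' /c /q | Out-Null
    }
}
```

Run it first without -Fix (or with -Fix -WhatIf) to get a report of orphaned folders and stray ACEs before changing anything.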
