Script: NTFS rights on user home directories
Have a normal Windows setup where the user have a home folder on the file server. All the users is connected to there \fileserverhome$%username% via GPO on logon. How ever we found that some of the folders had rights that where messed up. So i wrote a quick script that loopes through all folders and checks if there is a user account in the domain if not it will move the directory to __unconnected__ folder. For all know users it uses cacls command to set rights for the user and admins only. If you need something else you can just edit the cacls command before you run it! Script is provided as is and feel free to modify it…
Download script here: [wpdm_file id=2]
‘ON ERROR RESUME NEXT
Dim path, objRoot, domainname, fso, rootFolder, folder, objShell, intRunError
path = inputbox("Enter path of homedirs:")
‘ Get current domain
IF domainname = "" THEN
SET objRoot = GETOBJECT("LDAP://RootDSE")
domainname = objRoot.GET("defaultNamingContext")
‘ Setup FSO connection
Set fso = CreateObject("Scripting.FileSystemObject")
Set rootFolder = fso.GetFolder(path)
Set objShell = WScript.CreateObject( "WScript.Shell" )
‘ Go through all homedir folders
For Each folder in rootFolder.SubFolders
if(FindUser(folder.Name, domainname) = 1) Then
‘ Folder found reset the permissions
wscript.echo folder.Name + " – has a user connected! Reseting the permissions…"
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " & folder.Path & " /t /c /g Administrators:F ""Domain Admins"":F " & folder.Name & ":F", 1, True)
If intRunError <> 0 Then
wscript.echo folder.Name + " – ERROR assigning rights!"
wscript.echo folder.Name + " – Rights asigned!"
elseif(FindUser(folder.Name, domainname) = 0) then
‘ This folder isn’t connected move it
If(folder.Name <> "__unconnected__") then
wscript.echo folder.Name + " – doesn’t have a user connected! Moving to .__unconnected__"
fso.MoveFolder folder.Path, rootFolder.Path + "__unconnected__"
wscript.echo "ERROR: Connection to AD failed!"
Set objRoot = Nothing
Set fso = Nothing
Set rootFolder = Nothing
Set objShell = Nothing
‘ Function to check if user exists
FUNCTION FindUser(BYVAL UserName, BYVAL Domain)
SET cn = CREATEOBJECT("ADODB.Connection")
SET cmd = CREATEOBJECT("ADODB.Command")
SET rs = CREATEOBJECT("ADODB.Recordset")
cmd.commandtext="SELECT ADsPath FROM ‘LDAP://" & Domain & _
"’ WHERE sAMAccountName = ‘" & UserName & "’"
SET rs = cmd.EXECUTE
IF err<>0 THEN
FindUser = 2
wscript.echo "Error connecting to Active Directory Database:" & err.description
IF NOT rs.BOF AND NOT rs.EOF THEN
FindUser = 1
FindUser = 0