Problem with assigning permissions with CACLS in VBScript

[pmfphd]

We have a VBScript that we run nightly to create new user's accounts in
AD. Part of this script creates the user's home directory and grants
the appropriate permissions to that folder. The permissions are not
being set. Here is a code snippet:

Dim objShell, intRunError
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

' Assign user permission to home folder.
If objFSO.FolderExists(strHomeFolder) Then
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " &
strHomeFolder & " /t /c /g Administrators:F " & strSamAccountName & ":R
" & strSamAccountName & ":C", 2, True)
If intRunError <> 0 Then
Print "Error assigning permissions for user " & strSamAccountName &
" to home folder " & strHomeFolder
Else
Print "Permissions successfully assigned for user " &
strSamAccountName & " to home folder " & strHomeFolder
End If
Else
Print "Folder " & strHomeFolder & " does not exist."
End If

Set objFSO = Nothing
Set objShell = Nothing

Note that strHomeFolder and strSamAccountName are Dimmed and have their
values set in prior code. The folder is also successfully being
created as is the user in AD before this code is executed. Whenever
we run this script, we get the error, "Error assigning permissions for
user..." from the If statement. Can anyone suggest a solution to this
problem?

Thanks,
Paul M. Frazier
(e-mail address removed)

 

[Jerold Schulman]

Why are you setting strSamAccountName to both R and C, as C includes R?
Try it without the duplication.

Did you mean to replace the permission (/T) instead of editing them (/E)?
If you did, you should also grant SYSTEM:F.

The following worked for me:

Dim objShell, intRunError
strHomeFolder = "C:\ztest"
strSamAccountName = "John.Doe"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
' Assign user permission to home folder.
If objFSO.FolderExists(strHomeFolder) Then
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " & strHomeFolder & " /t /c /g Administrators:F " & strSamAccountName & ":C", 2, True)
If intRunError < 0 Then
Wscript.Echo "Error assigning permissions for user " & strSamAccountName & " to home folder " & strHomeFolder
Else
Wscript.Echo "Permissions successfully assigned for user " & strSamAccountName & " to home folder " & strHomeFolder
End If
Else
Wscript.Echo "Folder " & strHomeFolder & " does not exist."
End If
Set objFSO = Nothing
Set objShell = Nothing

We have a VBScript that we run nightly to create new user's accounts in
AD. Part of this script creates the user's home directory and grants
the appropriate permissions to that folder. The permissions are not
being set. Here is a code snippet:

Dim objShell, intRunError
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

' Assign user permission to home folder.
If objFSO.FolderExists(strHomeFolder) Then
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " &
strHomeFolder & " /t /c /g Administrators:F " & strSamAccountName & ":R
" & strSamAccountName & ":C", 2, True)
If intRunError <> 0 Then
Print "Error assigning permissions for user " & strSamAccountName &
" to home folder " & strHomeFolder
Else
Print "Permissions successfully assigned for user " &
strSamAccountName & " to home folder " & strHomeFolder
End If
Else
Print "Folder " & strHomeFolder & " does not exist."
End If

Set objFSO = Nothing
Set objShell = Nothing

Note that strHomeFolder and strSamAccountName are Dimmed and have their
values set in prior code. The folder is also successfully being
created as is the user in AD before this code is executed. Whenever
we run this script, we get the error, "Error assigning permissions for
user..." from the If statement. Can anyone suggest a solution to this
problem?

Thanks,
Paul M. Frazier
(e-mail address removed)

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com