InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : Setting user permissions on a directory? |
| Answer» <html><body><p>First let me say hi to you all since I just registered and this is my first post.<br/><br/>This is the situation I am working with right now:<br/><br/>\\SERVER\HOME\(USERNAME) - Directory where all users exist<br/><br/>Everytime when I create a new account in the AD, users and computers,<br/>I have to manually create a directory with the username (for example \\SERVER\HOME\JL120).<br/><br/>I have tried to do this in a batch file, which works like a charm, of <a href="https://interviewquestions.tuteehub.com/tag/course-246352" style="font-weight:bold;" target="_blank" title="Click to know more about COURSE">COURSE</a>.<br/><br/>Alas, I also have to put permissions on that directory, with previously mentioned example JL120 having every permission on the directory JL120. When I create a directory in DOS, domain admins and other admins have all the permissions, which is good, but I can't seem to figure out how to put read/write/alter permissions for a single user on a single directory in DOS. Is there even a way?<br/><br/><br/>I thank you in advance!<br/>C:\test>attrib /?<br/>Displays or changes file attributes.<br/><br/>ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+<a href="https://interviewquestions.tuteehub.com/tag/h-236823" style="font-weight:bold;" target="_blank" title="Click to know more about H">H</a> | -H] [+I | -I]<br/> [drive:][path][filename] [/S [/D] [/L]]<br/><br/> + Sets an attribute.<br/> - Clears an attribute.<br/> R Read-only file attribute.<br/> A Archive file attribute.<br/> S System file attribute.<br/> H Hidden file attribute.<br/> I Not content indexed file attribute.<br/> [drive:][path][filename]<br/> Specifies a file or files for attrib to process.<br/> /S Processes matching files in the current folder<br/> and all subfolders.<br/> /D Processes folders as well.<br/> /L Work on the attributes of the Symbolic Link versus<br/> the target of the Symbolic Link<br/><br/><br/>C:\test>Thanks for your reply!<br/><br/>Your above solution works, of course, but that is also part of the problem.<br/><br/>If I decide to change the attributes of a directory with attrib, it will change the attributes of the folder for everyone, rather than changing it for a single user.<br/><br/>My goal is to create a folder, and give 1 single user (of my preference) permissions on it (such as "allowed to read - not write, or allowed to read and write etc.).<br/><br/>Thanks for the effort though! Quote from: GKamst on July 16, 2010, 04:33:07 AM</p><blockquote>Thanks for your reply!<br/><br/>Your above solution works, of course, but that is also part of the problem.<br/><br/>If I decide to change the attributes of a directory with attrib, it will change the attributes of the folder for everyone, rather than changing it for a single user.<br/><br/>My goal is to create a folder, and give 1 single user (of my preference) permissions on it (such as "allowed to read - not write, or allowed to read and write etc.).<br/><br/>Thanks for the effort though! <br/></blockquote> <br/>What you <a href="https://interviewquestions.tuteehub.com/tag/need-25476" style="font-weight:bold;" target="_blank" title="Click to know more about NEED">NEED</a>, is to change the Access Control List.<br/><br/>It doesn't actually change any attributes, but it's an important part of a multi-user network setup. the "cacls" utility is included in XP Pro (if I remember correctly):<br/><br/>cacls /T /G username:<br/><br/><a href="https://interviewquestions.tuteehub.com/tag/replace-karana-ka-sharatakata-622250" style="font-weight:bold;" target="_blank" title="Click to know more about REPLACE">REPLACE</a> the folder and username with your values of course;<br/><br/> is one of R(read),W(write),C(change), or F(Full Control). <br/><br/> Quote from: BC_Programmer on July 16, 2010, 05:06:55 AM<blockquote>What you need, is to change the Access Control List.<br/><br/>It doesn't actually change any attributes, but it's an important part of a multi-user network setup. the "cacls" utility is included in XP Pro (if I remember correctly):<br/><br/>cacls <folder> /T /G username:<permissions><br/><br/>replace the folder and username with your values of course;<br/><br/><permissions> is one of R(read),W(write),C(change), or F(Full Control). <br/><br/><br/></blockquote> <br/>Thanks a bunch, this actually works!<br/><br/>This however, brought up another issue that I need to deal with now,<br/>which is the following:<br/><br/>I have a batch file that does the following:<br/><br/>set /P username=Enter a username: <br/>mkdir [fileserver]\userdirectories\%username%<br/>echo Y|cacls [fileserver]\userdirectories\%username% /T /G [domain]\administrators:F<br/>echo Y|cacls [fileserver]\userdirectories\%username% /T /G [domain]\%username%:F <---Which I needed the <a href="https://interviewquestions.tuteehub.com/tag/command-11508" style="font-weight:bold;" target="_blank" title="Click to know more about COMMAND">COMMAND</a> I requested for in the first place <br/><br/><br/>When I run the batch file, the directory is created as it should, and the administrators (and other "hard" usernames (such as domaincontrollers, and basically everything that isnt derived from a variable like %username% is permitted to do whatever I gave permissions for.<br/><br/><br/>Except, when the batch reaches the point where it needs to give [domain]\%username% permissions, I seem to get an error that says: "No mapping between account names and security IDs was done".<br/><br/>I am oblivious of what this means Thanks for your time though, you have helped me great so far!I think I have got it!!!<br/><br/>In my original file, I tried to set permissions on a directory on a one-user-per-command kind of base.<br/><br/>So...<br/><br/><br/>echo Y|cacls [domain]\userdirectories\%username% /T /G [domain]\administrator:F<br/>echo Y|cacls [domain]\userdirectories\%username% /T /G [domain]\my-admin-account;F<br/>echo Y|cacls [domain]\userdirectories\%username% /T /G [domain]\domaincontrollers:F<br/>echo Y|cacls [domain]\userdirectories\%username% /T /G [domain]\%username%:F<br/><br/>BUT because cacls always overwrites previously set permissions when you declare new ones,<br/>everytime I set a new permission, it would wipe the old ones.<br/><br/><br/>This means, that when the command line finally got to the "Give %username% permissions on this map", it would REMOVE my own permissions, thus making me unable to actually GIVE permission on that folder for someone else, seeing as I didn't have any permissions of my OWN anymore.<br/><br/>So now, I tried to do this:<br/><br/>echo Y|cacls [domain]\userdirectories\%username% /T /G [domain]\account1:F [domain]\account2:f [domain]\account3:F.... and so on and so on<br/><br/>in ONE command line.<br/><br/>This actually does the job! <br/><br/><br/>I owe you much, thanks for your help!!</body></html> | |