Granting permission to domain user for folder not working

Question

I'm converting my code to use icacls and currently following this tutorial: https://ss64.com/nt/icacls.html.

On this part,

Grant the user jdoe rights to create, edit and delete files in the folder C:\demo\example\, but prevent deletion of the folder itself:

:: First remove inheritance and grant admins Full control to the top folder icacls "C:\demo\example" /inheritance:r /grant:r administrators:(OI)(CI)(F)

:: Grant Modify + Delete Child to subfolders and files only icacls "C:\demo\example" /grant:r ss64Dom\jdoe:(OI)(CI)(IO)(M,DC) /T

:: Grant Read/Execute, Write and Append to the top level folder icacls "C:\demo\example" /grant:r ss64Dom\jdoe:(RX,WD,AD)

:: if any pre-existing subfolders Grant admins Full control icacls "C:\demo\example" /grant:r administrators:(OI)(CI)(F) /T

, I was able to get the right results for the first instruction but the second one doesn't work for me. I tried to change the M,DC part with F but it doesn't work as well.

This is my code.

Option Explicit
On Error Resume Next
Dim objShell,objFSO, ProgramFiles, X, Y, intRunError, strFolders,strFiles, strNTGroup
Dim strFolder, strFile, strUserName, strEveryone, strDomain

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

strFolders = Array(_
"C:\Users\User\Documents\test_folder3",_
"C:\Users\User\Documents\test_folder2",_
"C:\Users\User\Documents\test_folder")

strFiles = Array(_
"C:\Users\User\Documents\test_file.txt",_
"C:\Users\User\Documents\test_file2.txt")

'User's User Name
strDomain = "Domain"
strUserName = strDomain & "\User"
strEveryone = "Everyone"

WScript.Echo "Set permissions for", strUserName, vbCRLF

'Assign User Permissions to Folders.
For X = 0 to Ubound(strFolders)
    strFolder = strFolders(X)
    If objFSO.FolderExists(strFolder) Then
        WScript.Echo "Folder: " & strFolder
        'intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " & strFolder & " /E /C /G " & strUserName & ":F", 2, True)
        objShell.Run "icacls " & strFolder & " /inheritance:r /grant:r administrators:(OI)(CI)(F)", 2, True
        intRunError = objShell.Run("icacls " & strFolder & " /grant:r " & strUserName & ":(OI)(CI)(IO)(M,DC) /T", 2, True)

        If intRunError <> 0 Then
            Wscript.Echo "Folder ErrCode: " & intRunError
            Wscript.Echo "Error assigning permissions for user " _
            & strNTGroup & " to folder " & strFolder
        End If

    Else
        WScript.Echo "Folder " & strFolder & " not found"
    End If
Next

I'm running it on my local Windows 7 PC btw.

This is how my current code looks like.

Option Explicit
On Error Resume Next
Dim objShell,objFSO, ProgramFiles, X, Y, intRunError, strFolders,strFiles, strNTGroup
Dim strFolder, strFile, strUserName, strUName, strEveryone, strDomain, intRunError2, intRunError3

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

strFolders = Array(_
"C:\Users\User\Documents\test_folder3",_
"C:\Users\User\Documents\test_folder2",_
"C:\Users\User\Documents\test_folder")

strFiles = Array(_
"C:\Users\User\Documents\test_file.txt",_
"C:\Users\User\Documents\test_file2.txt")

'User's User Name
strDomain = objShell.ExpandEnvironmentStrings( "%USERDOMAIN%" )
strUserName = objShell.ExpandEnvironmentStrings( "%USERNAME%" )
strUName = strDomain & "\User" 
strEveryone = "Everyone"

WScript.Echo "Set permissions for", strUName, vbCRLF

'Assign User Permissions to Folders.
For X = 0 to Ubound(strFolders)
    strFolder = strFolders(X)
    If objFSO.FolderExists(strFolder) Then
        WScript.Echo "Folder: " & strFolder
        intRunError = objShell.Run("icacls " & strFolder & " /inheritance:r /grant:r administrators:(OI)(CI)(F)", 2, True)

        If intRunError <> 0 Then 'If no error, proceed
            Wscript.Echo "Folder Error1: ", intRunError
            Wscript.Echo "Error assigning admin permissions for user " _
            & strUName & " to folder " & strFolder
        Else
            Set intRunError2 = objShell.Exec("icacls " & strFolder & " /grant:r " & strUName & ":(OI)(CI)(NP)(IO)(M,DC) /T", 2, True)

            Wscript.Echo "Exit code: " & intRunError2
            Wscript.Echo "ErrMsg: " & intRunError2.StdErr.ReadAll

            If intRunError3 <> 0 Then
            Wscript.Echo "Folder Error3: " & intRunError2
            Wscript.Echo "Error assigning permissions for user " _
            & strUName & " to folder " & strFolder

            Wscript.Echo "Exit code: " & intRunError2
            Wscript.Echo "ErrMsg: " & intRunError2.StdErr.ReadAll
            End If
        End If

    Else
        WScript.Echo "Folder " & strFolder & " not found"
    End If

    WScript.Echo "-------------------"
Next

Wscript.Echo "Done setting folder permissions", vbCRLF

Set objFSO = Nothing
Set objShell = Nothing

WScript.Quit

The first objShell.Run works. On the following objShell.Exec, no error appears but it doesn't do anything as well.

Today found about `Exec`. I used `Exec` and found out I have Access is denied. — rminaj, Jun 07 '19 at 10:28
Hi, create a folder like share Set the rights to any User, create inside this your sub share With group you need to Set this should work — djdomi, Jun 07 '19 at 19:10
@HarryJohnston I've run it as administrator but still the same result. The permissions doesn't get applied to the folder. — rminaj, Jun 08 '19 at 05:43
@djdomi I'm not trying to create a share folder. I'm trying to create a logon script that would change a user's permission upon login. I wasn't able to make the logon part work but I'm making the logic work first as it is more important. — rminaj, Jun 08 '19 at 05:45
At first, the folder got the SYSTEM, domain user, and Administrator with full permission but no special permission. — rminaj, Jun 08 '19 at 06:05

Granting permission to domain user for folder not working

0 Answers0