Overcome Permissions Errors When Traversing the File System

Question

I am building a VBScript to search for and record the locations of files that have been copied out of a home directory (duplicates).

I currently have a script that recursively searches the C drive and records all file locations to a log file. (This is not elegant, but I am still working on a proof of concept.)

As I iterate through the file system, however, I find that there are a great many folders the script cannot even view- Appdata, Local Settings, My Videos, My Pictures, etc.

So of these are obviously inaccessible to the user, but the user has ownership over the folders in My Documents, so I cannot determine why my script cannot even read their contents. The user is a local administrator.

I have tried running the script with elevated permissions by adding this snippet to the beginning with no change in behavior:

If Not WScript.Arguments.Named.Exists("elevate") Then
    CreateObject("Shell.Application").ShellExecute WScript.FullName _
    , WScript.ScriptFullName & " /elevate", "", "runas", 1
    WScript.Quit
End If

This is a salient Function in the script, with the line that errors out notated (please let me know if another portion would be of aid):

' Get list of ALL files recursively and record them in a text file
Function getAllFilesRecursively (specifiedFolder, logLocation)

    If (Right(specifiedFolder,7)<>"AppData") And _
       (Right(specifiedFolder,16)<>"Application Data") And _
       (Right(specifiedFolder,7)<>"Cookies") And _
       (Right(specifiedFolder,14)<>"Local Settings") Then

        ' Get list of files in current folder
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFolder = objFSO.GetFolder(specifiedFolder.Path)
        Set colFiles = objFolder.Files

        'This function writes to a specified log file, using the specified method
        writeToFile specifiedFolder, logLocationTemp, "Append" 

        ' For each file, perform a task 
        For Each objFile in colFiles '(<<<<<<<<<<<<<<<<<<<< permissions error)
            ' Compose the full path to the file
            fullPath = specifiedFolder & "\" & objFile.name

            'Save the path to a text file (a newline is automatically added)
            writeToFile fullPath, logLocation, "Append"
        Next

        ' For each folder, Recurse
        For Each Subfolder in specifiedFolder.SubFolders
            getAllFilesRecursively Subfolder, logLocation
        Next
    End If
End Function

Is there any way for me to allow this script access to these folders? The computer is on a domain but I can make whatever modifications necessary (even policies).

score 1 · Accepted Answer · answered Jul 27 '15 at 23:16

1

The folders that are giving you errors probably aren't actual folders, but symbolic links to folders. They exist for compatibility reasons and have an ACE "everyone deny list folder, this folder only" on them to prevent people from browsing. Don't tamper with them. Make an exclusion list to prevent your script from trying to traverse them.

Set exclude = CreateObject("Scripting.Dictionary")
exclude.CompareMode = vbTextCompare
exclude.Add "Application Data", True
exclude.Add "Local Settings", True
...

Function getAllFilesRecursively (specifiedFolder, logLocation)
    ...
    For Each Subfolder in specifiedFolder.SubFolders
        If Not exclude.Exists(Subfolder.Name) Then
            getAllFilesRecursively Subfolder, logLocation
        End If
    Next
End Function

answered Jul 27 '15 at 23:16

Ansgar Wiechers

193,178
25
254
328

Ah. That makes sense. Thank you. Edit: Accidentally posted too soon. So how does one traverse the contents of these folders? Can I ask for their actual path somehow and use that? Knowing the reason why I am getting an error is valuable, but it does not help me perform the task I am attempting. – Ruthalas Jul 28 '15 at 15:55
@th3ophilos If you must, you could shell out to [`junction`](https://technet.microsoft.com/en-us/sysinternals/bb896768) to get the target paths (`fsutil reparsepoint query` will fail with an "access denied" error). However, all of these symlinks point to other folders that you're already traversing. Just ignore them. – Ansgar Wiechers Jul 28 '15 at 17:25
Perhaps I am being dense. If I exclude 'Desktop' for example, how will my script see these files? I have excluded everything that was leading to these errors, and as far as I can tell the script ignores the contents of those files completely. – Ruthalas Jul 28 '15 at 17:53
@th3ophilos Symlinks like `Application Data` point to other folders that are accessible (`AppData\Roaming` in case of the `Application Data`), and the targets should be located in the same filesystem. `Desktop`, however, normally isn't a symbolic link. If you have a non-standard environment you need to provide more information about the folders giving you errors and the actual errors they're giving you. – Ansgar Wiechers Jul 28 '15 at 18:03
As far as I am aware I am using a standard environment. The folders I have had to make exclusions for are the following list, (each yields the same permissions error): AppData, Application Data, Cookies, Local Settings, NetHood, PrintHood, Recent, SendTo, Start Menu, Templates, Documents, Favorites, Default User, Desktop, My Music, My Pictures, My Documents, My Videos – Ruthalas Jul 28 '15 at 18:50
@th3ophilos By default only Application Data, Cookies, Local Settings, My Documents, NetHood, PrintHood, Recent, SendTo, Start Menu, and Templates are symbolic links (or junctions, as Microsoft calls them). Sounds to me like some of the folders in your profile(s) are redirected via policy. – Ansgar Wiechers Jul 28 '15 at 19:08
(Thanks for the continued help, I appreciate it.) I've talked with the gentleman who has set up our policies. He said he hasn't modified anything with respect to those folders or folder re-directions that he is aware of in group policy. Would it be possible to use the method you mentioned above with 'junction' to determine their actual location regardless? – Ruthalas Jul 28 '15 at 21:45
@th3ophilos Yes, certainly. You can use [this](http://stackoverflow.com/a/30626419/1630171) as a starting point. – Ansgar Wiechers Jul 28 '15 at 21:53
Ah! I was able to utilize the 'objShell.Namespace(&H21&)' command and each special folder's WSH Equivalent to get a usable path. Not a particularly extensible method, but well suited to a few exceptions. Thanks again Ansgar- you have increased my understanding of those folders. – Ruthalas Jul 29 '15 at 00:01

Overcome Permissions Errors When Traversing the File System

1 Answers1