  1. #1
    morganw's Avatar

    Create a secure scratch folder on login

    When I was at college each computer had a scratch partition which was used for local temporary storage, the idea being if you were doing audio or video editing you don't encounter bandwidth issues.
    When a user logged in a folder would be created in the scratch partition with the username and only that person could access that folder (permission denied to anyone else), so if only 10 people had logged in on that machine there would only be 10 folders present.

    I'm trying to recreate something similar but on a network share rather than a drive partition but I'm struggling to find a way to create the folders. It's an RM CC3 network and I have a vbscript which runs as a post desktop application, so it's executed just after the desktop is loaded. The problem is that the folder permissions for the root of the share need write access for all students to create the folders, and when the folders are created those write permissions are inherited onto the userfolder, so everyone has full access.

    So I'm struggling to find a way to set the top level permissions so that created subfolders don't inherit permissions and just allow the 'owner' full access.

    Any help would be much appreciated.

  2. #2

    Quote Originally Posted by morganw View Post
    When I was at college each computer had a scratch partition which was used for local temporary storage, the idea being if you were doing audio or video editing you don't encounter bandwidth issues.
    That's basically what we do.

    I'm trying to recreate something similar but on a network share rather than a drive partition but I'm struggling to find a way to create the folders.
    Surely putting it on the network brings back bandwidth issues?

    So I'm struggling to find a way to set the top level permissions so that created subfolders don't inherit permissions and just allow the 'owner' full access.
    I have a startup script which does;

    mkdir c:\workspace

    When the user logs on a script does a "subst w: c:\workspace" - keeps it simple, W: is the workspace drive.

    Permissions are set so that students can create their own folders inside c:\workspace but others cannot access them.

    I do it via group policy setting though you could script it - you need to look at the advanced page for permissions;

    On the root folder authenticated users are given;

    "This folder only"

    List folder / Read data
    Read attributes
    Read extended attributes
    Create folders / Append data
    Read permissions


    CREATOR OWNER is given;

    "Subfolders and files only"

    All allow except,
    Full control
    Change permissions
    Take ownership


    Plus whatever permission you want for administrators.


    These were taken from a MS article that I used years ago to get our folder redirection to automatically create user homedirs/MyDocs with permissions set by magic.


    Tim
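
The permission layout described in the post above, applied with PowerShell as an added example (it is not part of the original post or the poster's scripts). It assumes the c:\workspace path from the thread and an elevated startup context; the Full Control entries for Administrators and SYSTEM are an assumed choice for "whatever permission you want for administrators".

```powershell
# Added example. Assumptions: C:\workspace (path from the thread), run elevated
# at machine startup; Full Control for Administrators and SYSTEM is an assumed choice.
$root = 'C:\workspace'
New-Item -ItemType Directory -Path $root -Force | Out-Null

$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'
function New-Ace($sid, $rights, $inherit, $propagate) {
    # Well-known SIDs are used instead of names so localized systems behave the same.
    $id = New-Object System.Security.Principal.SecurityIdentifier $sid
    New-Object $ruleType -ArgumentList $id, $rights, $inherit, $propagate, 'Allow'
}

$acl = Get-Acl -Path $root
# Drop explicit entries left by earlier runs, then block inheritance from C:\
# without copying the parent's entries onto the scratch root.
@($acl.Access) | Where-Object { -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }
$acl.SetAccessRuleProtection($true, $false)

# Authenticated Users (S-1-5-11), "This folder only": they can list the root and
# create a folder in it, but this entry is not inherited by what they create.
$rootRights = 'ListDirectory, ReadAttributes, ReadExtendedAttributes, CreateDirectories, ReadPermissions'
$acl.AddAccessRule((New-Ace 'S-1-5-11' $rootRights 'None' 'None'))

# CREATOR OWNER (S-1-3-0), "Subfolders and files only": everything except Full
# control, Change permissions and Take ownership. On each new subfolder Windows
# replaces this placeholder with the SID of the user who created it.
$ownerRights = 'Modify, DeleteSubdirectoriesAndFiles'
$acl.AddAccessRule((New-Ace 'S-1-3-0' $ownerRights 'ContainerInherit, ObjectInherit' 'InheritOnly'))

# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18): assumed Full Control,
# inherited by every subfolder and file.
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {
    $acl.AddAccessRule((New-Ace $sid 'FullControl' 'ContainerInherit, ObjectInherit' 'None'))
}

Set-Acl -Path $root -AclObject $acl

# Check the result: the Authenticated Users entry must show no inheritance flags,
# and the CREATOR OWNER entry must show InheritOnly.
(Get-Acl -Path $root).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

To confirm the isolation, create a folder as one test student and check that a second student gets access denied when opening it. Because the creator is also the folder's owner, they can still edit that folder's ACL unless an OWNER RIGHTS (S-1-3-4) entry restricts it.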

  3. #3
    mb2k01's Avatar
    @TimH
    You couldn't attach the scripts by any chance?
    It sounds like exactly what I've been wanting to get done for ages!

  4. #4

    Quote Originally Posted by mb2k01 View Post
    @TimH
    You couldn't attach the scripts by any chance?
    It sounds like exactly what I've been wanting to get done for ages!
    Not sure what you want, scripts to do what?

    I only mentioned a logon script that does a subst, and a startup script which does a mkdir, they don't really contain any more than I wrote.

    Tim

  5. #5
    morganw's Avatar
    Quote Originally Posted by TimH View Post

    Surely putting it on the network brings back bandwidth issues ?
    True, but at the moment it's only needed in the Music department which only has about a dozen machines. It's tested out fine, although in the long run I am looking to move back to local scratch drives. Makes it easy to backup and monitor too.

    Thanks for the pointers, it would be great to see the scripts, but just what you've given me so far is great.

  6. #6
    mb2k01's Avatar
    Quote Originally Posted by TimH View Post
    Not sure what you want, scripts to do what?

    I only mentioned a logon script that does a subst, and a startup script which does a mkdir, they don't really contain any more than I wrote.

    Tim
    Well.... the .vbs(?) files that you run at startup?
    I'm not too hot on vbs (or any programming language other than HTML / CSS for that matter!) but assume you wouldn't just type in the raw commands that you put in your post would you?

  7. #7

    Quote Originally Posted by morganw View Post
    True, but at the moment it's only needed in the Music department.
    I originally set this up for video editing but it has moved to the music dept. too.

    Thanks for the pointers, it would be great to see the scripts,
    I've just checked and the "subst W: c:\workspace" isn't even a script, it's simply in the group policy for the machines in the rooms which have a scratch area, as a "run these user programs at logon" setting.

    The mkdir is in the startup script for the same machines along with lines to share the folder for/with staff access.

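    Code:
    rem Create the scratch folder and publish it as a hidden share (trailing $)
    mkdir c:\workspace
    net share workspace$=c:\workspace
    rem Share-level permissions: grant staff full access, then revoke Everyone
    \\ourschool\system\netapps\setacl.exe workspace$ /share /grant "ourschool\All staff" /full
    \\ourschool\system\netapps\setacl.exe workspace$ /share /revoke "everyone" /full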
    Tim

  8. Thanks to TimH from:

    mb2k01 (22nd April 2009)

  9. #8

    Quote Originally Posted by mb2k01 View Post
    Well.... the .vbs(?) files that you run at startup?
    I'm not too hot on vbs (or any programming language other than HTML / CSS for that matter!) but assume you wouldn't just type in the raw commands that you put in your post would you?
    Yes, if that's good enough!

    If a simple .bat/.cmd file will do then that's what I use (e.g. mkdir etc. DOS-style commands), if it needs a bit more then I'll use vbscript, a little more and I like Python - with a recent install of Exchange 2007 now having to get into powershell.

    Tim
