HI all i have Project to my college and i need help on some Scripts to Create 1000 User and make "share folder"
with the User name for each User of them and set the permissions for it "user only one can see/read/write this Folder and + Administrator Account
and make the user change the password at the First login
I can't write Scripts i can read it only if any one help me with a specifically Scripts to do that not a lot of things and i can't understandably
cheers
Last edited by zooroo44; 26th June 2011 at 01:40 AM.
any help ?????
ntfsfix from wisesoft, google it
zooroo44 (27th June 2011)
NTFSfix with cacls.exe (command line) to fix ownership. Just set the root folder as the share, with permissions appropriately set. NTFS will take care of the rest.
zooroo44 (27th June 2011)
I think you are after something like this.
I wrote this myself and have modified it numerous times over the years. I have added comments into the script to make reading easier.
This basically parses a "users.csv" file which contains surname, forename, year of entry, username. The details are contained within the script. I create the username in Excel using the Concatenate command, such as =concatenate("2011",a1,left(b1,1)) which would give 2011SmithN for example.
The script creates the account, sets user group and default password of "password". Enables the 'must change at first logon', creates the users home drive and shares it and sets permissions.
You get the idea, have a look and see what you can follow
zooroo44 (27th June 2011)
i don't know what to say Thanks you all of you bros you help me so much
thank-you.jpeg
No worries, post back if you are having problems
i read the Script i understand a lot of it ButOriginally Posted by themightymrp
I think you are after something like this.
I wrote this myself and have modified it numerous times over the years. I have added comments into the script to make reading easier.
This basically parses a "users.csv" file which contains surname, forename, year of entry, username. The details are contained within the script. I create the username in Excel using the Concatenate command, such as =concatenate("2011",a1,left(b1,1)) which would give 2011SmithN for example.
The script creates the account, sets user group and default password of "password". Enables the 'must change at first logon', creates the users home drive and shares it and sets permissions.
You get the idea, have a look and see what you can follow
' Create H drive folder based on account name
this is what i'm looking for
' Use "psexec" to launch the NET SHARE command on the server in order to
' create a share with Everyone group having Full Control (like Win2000/2003)
i need to make every one has full control on his Folder only
'Use xcacls to set NTFS permissions on the H drive folder
i don't know how to use xcacls To set the permissions
Year of entry (or the word staff)
can i replace staff with another word like First Third ete..
Create the User account in the correct OU
if i replace this line with my data As this
Set objOU = GetObject("LDAP://OU=" & strYearEntry & ",OU=First year,dc=HICISschool,dc=local")
this make the users in Ou called "Firstyear" in the Domain called"HICISschool.local"
objUser.Put "profilePath", "\\gateway2\staffpro$\profiles\" & strUserName
this "profilePath" in the Server Called gateway2 so if my server call Web1
it willbe like that ?
objUser.Put "profilePath", "\\web2\staffpro$\profiles\" & strUserName
' Provide message to user to remind about printer credits
we didn't have printer rights for the Srudents can remove this part to
"objTextFile.Close"
and about the permissions
i need to make every one has full control on his Folder only
thanks for your time and help
OK lets tackle these questions.
The psexec.exe tool allows me to run command line commands as though I were on the server directly. For example if I type "psexec server1 makedir c:\folder" it would create a folder called 'folder' in the root of the C: drive on the server, not my local PC. I can upload this file if you need it, I can't remember where I got it now? Somewhere on Microsoft.com
Secondly, you want to allow the user to have full control over their folder but no-one else right? It's up to you how secure you want things. I usually have the share set to have 'EVERYONE' with full control but then tie down the security by using NTFS permissions. To do this, the command is:
Which would look something like this when filled in:Code:net share sharename=PathToFolder /GRANT:Everyone,FULL /Unlimited
The /Unlimited sets how many concurrent connections can be made to the share. To modify this so that only the specific user has full control (remember domain admins may like to be included?), using the syntax from my script it would be:Code:net share Phil=e:\userfolders\Phil /GRANT:EVERYONE,FULL /UNLIMITED
Note how I have had to build the command line up using variables as I am calling bacth file commands from a VBscript. It's a little more awkward and to be honest, there is probably a neater way of doing it. But for me this works just fine so why change it?Code:Set objShell = Createobject("WScript.Shell") strShare1 = "net share " strShare2 = "=e:\userfolders\" strShare3 = " /GRANT:" strShare4 = ",FULL /Unlimited" objShell.Run "cmd" objShell.SendKeys strShare1 & strUserName & strShare2 & strUserName & strShare3 & strUsername & strShare4 objShell.SendKeys "{ENTER}"
Next thing, xcacls. You can use the /? at the command prompt to get more detail out of this but a general line might look like this:
To explain, /T changes the permissions on the folder and any subdirectories/files.Code:xcacls path to userfolder /T /E /C /G username:F
/E is to edit the permissions instead of replacing them. You may want to leave this switch out?
/C is to continue on errors. Theres nothing worse than halfway through a script which takes an hour to run (creating 1000 users) a bloody error comes up and cancels the script! This makes it just continue.
/G Grants permissions to whichever user or group you want. :F is full control, :C is Change and :R is read and execute
Yes you can replace 'staff' with 'first year' or 'third year' or whatever else you want. It's just the name of the OU containing the users. Proof read all your script to make sure things are in the right place!
Yes you can change the server to Web1 instead of Gateway2, thats just the name of our server. Its a poor choice of name as people get confused with Default Gateway in IP settings!
Finally, the bit about print credits is just a reminder for me as we use software called PCounter to allocate a certain amount of prints per user per month.
Any more help just ask
zooroo44 (27th June 2011)
thanks for your fast answer i trying to modify the script and i will keep you poster with the news
this is something i want to do aswell, was going to write my own, is it ok if i use yours as a basis for mine? dont want to spend the day on it like last year
Set UserObj = GetObject("WinNT://"& domain &"/" & strUserName & "")
If err.number = 0 Then
i'm on 2008 sever why do you use winNT connect method not The Ldap sorry i'm not very good with scripting and understand that Ldap is the connect method for ADSI so is it valid to use Ldap in exchange for WinNT or WINNT connect method is supported in 2008
now i nearly edited the script fully to support my domain "thanks for that" but i run to a few syntax problem @ sub routines for closing boxes and script validation
i hope u can help revise the script and tell me what went wrong ......
Last edited by zooroo44; 28th June 2011 at 12:55 AM.
Use it as you like, there's no royalty on it
I used the WinNT method because when I originally wrote the script we were on Windows 2000 Server. We are now on 2008 but the script still works so I never changed it. I don't see why you couldnt use ldap. I will look at your script and get back to you.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
