Monday, March 11, 2013

Resetting home profile permissions with VB script and icacls

Copy and paste the script below and save it as C:\Temp\SetProfileRights.vbs
Test this VB script first in you test environment, before you use it in your production environment!
To run the script:
  1. Go to start and select Run
  2. Type CMD and press enter
  3. Type cscript C:\Temp\SetProfileRichts.vbs
'********************************************************************************************
'  Resetting home profile permissions.
'********************************************************************************************
'
'********************************************************************************************
'  Setting the Parameters
'********************************************************************************************
'
Set FSO = CreateObject("Scripting.FileSystemObject")
Set ObjShell = Wscript.CreateObject("Wscript.Shell")
'
'********************************************************************************************
'  Set the folder path "(ShowSubfolders FSO.GetFolder("OMG CHANGE ME")
'********************************************************************************************
'
 ShowSubfolders FSO.GetFolder("D:\Profiles")
'
'********************************************************************************************
'  Run the sub command to Reset permissions based on home folder name.
'  If userName contains a .V2 replace it with "" nothing.
'  Added ,,True to wait for each CMD to finish before the next one starts.
'********************************************************************************************
'
Sub ShowSubFolders(Folder)
    For Each Subfolder in Folder.SubFolders
           userName = Replace(SubFolder.Name,".V2","")
        
        CMDLine1 = "takeown /f """ & Subfolder & """ /r /d y"
        CMDLine2 = "icacls.exe """ & Subfolder & """ /reset /T"

'********************************************************************************************
'  Replace YOURDOMAIN with your own corporate domai name
'********************************************************************************************
        CMDLine3 = "icacls.exe """ & Subfolder & """ /grant:r YOURDOMAIN\" & userName & ":(OI)(CI)F"
        CMDLine4 = "icacls.exe """ & Subfolder & """ /setowner YOURDOMAIN\" & userName & " /T"
    
'********************************************************************************************
'  Enable or disable CMDLine 1, 2, 3 or 4 below
'********************************************************************************************
        ObjShell.Run CMDLine1,,True
        ObjShell.Run CMDLine2,,True
        ObjShell.Run CMDLine3,,True
        ObjShell.Run CMDLine4,,True
    
    Next
End Sub
'
'********************************************************************************************
'  quit the script
'********************************************************************************************
'
Wscript.quit


No comments: