CACLS Help

Batch, ASP, JScript, Kixtart, etc.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
billc124
Posts: 6
Joined: Wed Oct 22, 2008 12:48 am

CACLS Help

Post by billc124 » Thu Oct 23, 2008 12:34 am

It was suggested that I recreate my post from another forum in this one, so here goes. I am working on a migration from Netware to Windows AD environment. I already have an AD domain due to the fact that we use Exchange for our mail, so I don't need to migrate any users, only files and folders. I am planning to copy the files and folders and then apply permissions to them after the copy. What I need is some assistance coming up with the proper CACLS commands to use to do so. I have a text file with all my folders and associated permissions from the Netware server so I just need to translate that to the equivalent permissions for windows and apply to the new server. Here is a sample of what I have, names have been removed and container names shortened to first letter, etc...servernamevolumedir1 Trustee: .user1.C.B.P [RWCEFM] Trustee: .user2.A.B.P [RWCEFM] Trustee: .user3.A.B.P [RWCEFM]servernamevolumedir2 Trustee: .Everyone.C.B.P []servernamevolumedir3 Trustee: .user1.M.B.P [RWCEFM] Trustee: .user2.C.B.P [RWCEFM] Trustee: .user3.A.B.P [RWCEFM]I have a few hundred folders/subfolders with permissions applied, some to a group and others to specific users. Some of the folders are not inheriting permissions, so are. I just need some assistance in coming up with a command line to apply the permissions that I can then modify and put in a batch file. Any assistance is appreciated. If you need anymore information I will provide what I can.Thanks in advance,Bill

User avatar
billc124
Posts: 6
Joined: Wed Oct 22, 2008 12:48 am

CACLS Help

Post by billc124 » Thu Oct 23, 2008 12:34 am

It was suggested that I recreate my post from another forum in this one, so here goes. I am working on a migration from Netware to Windows AD environment. I already have an AD domain due to the fact that we use Exchange for our mail, so I don't need to migrate any users, only files and folders. I am planning to copy the files and folders and then apply permissions to them after the copy. What I need is some assistance coming up with the proper CACLS commands to use to do so. I have a text file with all my folders and associated permissions from the Netware server so I just need to translate that to the equivalent permissions for windows and apply to the new server. Here is a sample of what I have, names have been removed and container names shortened to first letter, etc...servernamevolumedir1 Trustee: .user1.C.B.P [RWCEFM] Trustee: .user2.A.B.P [RWCEFM] Trustee: .user3.A.B.P [RWCEFM]servernamevolumedir2 Trustee: .Everyone.C.B.P []servernamevolumedir3 Trustee: .user1.M.B.P [RWCEFM] Trustee: .user2.C.B.P [RWCEFM] Trustee: .user3.A.B.P [RWCEFM]I have a few hundred folders/subfolders with permissions applied, some to a group and others to specific users. Some of the folders are not inheriting permissions, so are. I just need some assistance in coming up with a command line to apply the permissions that I can then modify and put in a batch file. Any assistance is appreciated. If you need anymore information I will provide what I can.Thanks in advance,Bill

User avatar
billc124
Posts: 6
Joined: Wed Oct 22, 2008 12:48 am

CACLS Help

Post by billc124 » Thu Oct 23, 2008 2:27 am

The Quest tool doesn't work very well at least in my lab environment anyway. The problem is that most of the tools assume that you don't have an Active Directory structure in place and want to migrate users and everything, I don't need to do that. user1.c.b.p is the fqdn of a netware user so that would be changed to the fqdn of the windows user and then the permissions would be applied. I guess what I am really looking for is the command line parameters for CACLS to use to apply the permissions. I do have some programmers that are on staff that could help with the scripting part. Maybe I will look for other third party tools that will just apply permissions and not migrate anything.

User avatar
jhicks
Posts: 1789
Joined: Sun Jan 21, 2007 11:31 pm

CACLS Help

Post by jhicks » Thu Oct 23, 2008 5:03 am

That's the ticket. I knew there had to be better solution than scripting. Not that it couldn't be done just that it would take a long time to develop, and other than the experience, after you ran the script you wouldn't have much to show for your effort from a scripting perspective. I assume you won't be doing this task on a regular basis.Good luck and we're here.

User avatar
jvierra
Posts: 13718
Joined: Tue May 22, 2007 9:57 am
Contact:

CACLS Help

Post by jvierra » Thu Jul 02, 2009 12:28 pm

Please not that this thread is over 6 months old and may not be watched by the posters.


I beleieve XCACLS.VBS is in Windows Resource Kit Tools.


User avatar
gregz
Posts: 1
Joined: Fri Dec 12, 2008 3:52 am

CACLS Help

Post by gregz » Fri Jul 03, 2009 4:08 am

Option EXPLICIT
Dim oWshShell, oFSO, oFilename1, iErrNumber, FindText20, oFilename3, oFilename444, strText10, FindText10Dim strReadLine1,sOutPutFile, arrReadLine,strRootDSE, strReadLine2, oFilename9, oFilename10, FindText88, CheckDrvDim strLogFileLine, FindText1, FindText2, strText1, strText2, oFileName11, oFileName22, oFileName2, Input1ADim TargetPath, FindText21, FindText22, Path, C0, FindText23, DomainNB, CN, CNPrefix, CNSuffix, oFileName23Dim oFilename44, strText3, oFilename4, FixPath, FindText24, oFilename5, strText55, oFilename77, Input1, Input2, Input3Dim strReadLine77, strReadLine78, strReadLine79, CNIssue, CNCPEGPrefix, strTextBAT, iFilenameTXT, oFilenameBAT'**********************************************' SCRIPT CONSTANTS'********************************************** CONST ForReading = 1 CONST ForWriting = 2 CONST ForAppending = 8
ON ERROR RESUME NEXT 'uncomment when script is ready for production
'/////////////////////'DEBUG PARAMETERS'///////////////////// DIm bDEBUG, iMsgTIme bDEBUG = 0 'set to 1 to enable debug code for troubleshooting iMsgTime = 1 'popup timing 0 = click OK
' If bDEBUG = 1 Then' oWshShell.Popup <variable>,iMsgTime, "<variable>",0 'DEBUG' End IF


'*********************************************'Create Objects'********************************************* Set oFSO = CreateObject("Scripting.FileSystemObject") Set oWshShell = Wscript.CreateObject("Wscript.Shell")
'*********************************************'Get Name for files, Domain name and target drive'*********************************************Input1 = InputBox("Enter the name of the text file produced by TRUSTEE.NLM." & Chr(13) & "The name should be in the format of SERVER_VOLUME.txt.","Enter TRUSTEE.NLM File Name")If Input1 = "" Then Wscript.echo "Terminating Process..." Set oWshShell = Nothing SET oFSO = Nothing WScript.QuitEnd IfInput1A = InStr(Input1,".")Input1A = Left(Input1,Input1A-1)Input1A = UCase(Input1A)
Input2 = InputBox("Enter the NetBIOS name of the DOMAIN." & Chr(13) & "Examples would be PROD or DEV...","Enter DOMAIN Name")If Input2 = "" Then Wscript.echo "Terminating Process..." Set oWshShell = Nothing SET oFSO = Nothing WScript.QuitEnd IfInput2 = UCase(Input2)
Input3 = InputBox("Enter the taget directory for where the rights will start." & Chr(13) & "The path should be in the format of D:.","Enter Target Directory")If Input3 = "" Then Wscript.echo "Terminating Process..." Set oWshShell = Nothing SET oFSO = Nothing WScript.QuitEnd IfInput3 = UCase(Input3)CheckDrv = InStr(Input3,"")IF CheckDrv = 0 THEN Wscript.echo "Error - Drive did not contain a (such as c:)." Wscript.echo "Terminating Process..." Set oWshShell = Nothing SET oFSO = Nothing WScript.Quit END If
'********************************************' MAINLOOP'********************************************'Format 2 Explicit Rights Report input files for reading Set oFilename4 = oFSO.OpenTextFile("." & Input1, ForReading, False) iErrNumber = err.number 'Check for missing file IF iErrNumber = 53 THEN Wscript.echo "Error - " & Input1 & " file was not found." Wscript.echo "Terminating Process..." Set oWshShell = Nothing SET oFSO = Nothing WScript.Quit END If strText3 = oFileName4.ReadAll strText3 = Replace (strText3,Chr(34),"") strText3 = UCase (StrText3) Set oFilename44 = oFso.OpenTextFile(".F_Trustee.txt", ForWriting, True) oFilename44.Write strText3 oFilename44.close Set oFilename444 = oFso.OpenTextFile(".F_Trustee2.txt", ForWriting, True) oFilename444.Write strText3 oFilename444.close
'Open Explicit Rights Report input file for reading line by line Set oFilename1 = oFSO.OpenTextFile(".F_Trustee.txt", ForReading, False) iErrNumber = err.number 'Check for missing file IF iErrNumber = 53 THEN Wscript.echo "Error - F_Trustee.txt file was not found." END If 'Open Explicit Rights Report input file for comparing Set oFilename10 = oFSO.OpenTextFile(".F_Trustee2.txt", ForReading, False) iErrNumber = err.number 'Check for missing file IF iErrNumber = 53 THEN Wscript.echo "Error - F_Trustee2.txt file was not found." END IF
'Open Ignored Paths input file for reading Set oFilename5 = oFSO.OpenTextFile("." & Input1A & "_IgnorePaths.txt", ForReading, False) iErrNumber = err.number 'Check for missing file IF iErrNumber = 53 THEN Wscript.echo "Error - " & Input1A & "_IgnorePaths.txt file was not found." Wscript.echo "Terminating Process..." Set oWshShell = Nothing SET oFSO = Nothing WScript.Quit END IF
'Open output file(s) for writing Set oFilename22 = oFSO.OpenTextFile(".FixPerms.txt", ForWriting, True) Set oFilename23 = oFSO.OpenTextFile("." & Input1A & "_DENY_ERRORS.txt", ForWriting, True) 'Get First Line of Batch FileoFilename22.writeline "echo *********************** > ." & Input1A & ".log"oFilename22.writeline "echo Start of Batch File >> ." & Input1A & ".log"oFilename22.writeline "Date /T >> ." & Input1A & ".log"oFilename22.writeline "Time /T >> ." & Input1A & ".log"oFilename22.writeline "echo *********************** >> ." & Input1A & ".log"oFilename22.writeline "echo *********************** >> ." & Input1A & ".log" 'Initialize Variables TargetPath = Input3 DomainNB = Input2 CNCPEGPrefix = "$" CNPrefix = "" CNSuffix = ""
'Create Missing In NW File strText10 = oFileName10.ReadAll strText55 = oFileName5.ReadAll CNIssue = 0 DO While oFileName1.AtEndOfStream <> True strReadLine2 = oFileName1.ReadLine 'Get Path Information FindText20 = InStr(strReadLine2,",") FindText21 = InStr(FindText20+1,strReadLine2,",") Path = Mid(strReadLine2,FindText20+1,(FindText21-FindText20)-1) 'Get CN Information FindText23 = InStr(FindText21,strReadLine2,".") 'Fix if CN does not contain a "." eg. root or [public] If FindText23 = 0 Then FindText23 = InStr(FindText21+6,strReadLine2,",") CNIssue = 1 End If CN = Mid(strReadLine2,FindText21+6,FindText23-(FindText21+6)) 'Change [public] to AU or CPEG to standard name If CNIssue = 1 Then If CN = "[PUBLIC]" Then CN = "Authenticated Users" Else CN = CNCPEGPrefix & CN End If CNIssue = 0 End If FindText88 = Right(strReadLine2,1) If FindText88 = "," Then oFilename23.writeline strReadLine2 C0 = 0 Else C0 = 1 End If Do While C0 <> 0 FindText22 = InStrRev(Path,"",-1,1) C0 = FindText22 If C0 <> 0 Then Path = Left(Path,FindText22-1) C0 = FindText22 FixPath = Replace (Path,":","") FixPath = UCase (FixPath) 'See if exists in Ignore Paths File FindText24 = InStr(1,strText55,Chr(10)+FixPath+Chr(13),1) If FindText24 = 0 Then FixPath = TargetPath+FixPath FindText10 = InStr(strText10,Path & ",LONG," & CN) If FindText10 > 0 Then Else oFilename22.writeline "cscript.exe xcacls.vbs " & Chr(34) & FixPath & Chr(34) & " /g " & Chr(34) _ & DomainNB & "" & CNPrefix & CN & CNSuffix & Chr(34) & ":;b8641 /e >> ." & Input1A & ".log" End If End If End If Loop Loop
'Set the Generic rights at top levels oFilename5.close Set oFilename77 = oFSO.OpenTextFile("." & Input1A & "_IgnorePaths.txt", ForReading, False) iErrNumber = err.number 'Check for missing file IF iErrNumber = 53 THEN Wscript.echo "Error - " & Input1A & "_IgnorePaths.txt file was not found." Wscript.echo "Terminating Process..." Set oWshShell = Nothing SET oFSO = Nothing WScript.Quit END If Do While oFileName77.AtEndOfStream <> True strReadLine77 = oFileName77.ReadLine strReadLine79 = UCase(strReadLine77) strReadLine78 = InStr(strReadLine77,":") If strReadLine77 = "" Then ElseIf strReadLine78 = 0 Then oFilename22.writeline "cscript.exe xcacls.vbs " & Chr(34) & TargetPath & strReadLine79 & Chr(34) & " /g " & Chr(34) _ & "Authenticated Users" & Chr(34) & ":;b8641 /e >> ." & Input1A & ".log" End If Loop 'Set End Line in Batch FileoFilename22.writeline "echo *********************** >> ." & Input1A & ".log"oFilename22.writeline "echo *********************** >> ." & Input1A & ".log"oFilename22.writeline "echo End of Batch File >> ." & Input1A & ".log"oFilename22.writeline "Date /T >> ." & Input1A & ".log"oFilename22.writeline "Time /T >> ." & Input1A & ".log"oFilename22.writeline "echo *********************** >> ." & Input1A & ".log"
'Close files and delete temp file oFilename1.close oFilename4.close oFilename77.close oFilename22.close oFilename23.close oFilename10.close Set oFilename3 = oFso.GetFile(".F_Trustee.txt") oFilename3.Delete 'Fix final file (for domainauthenticated users) and create bat Set iFilenameTXT = oFSO.OpenTextFile(".FixPerms.txt", ForReading, False) iErrNumber = err.number 'Check for missing file IF iErrNumber = 53 THEN Wscript.echo "Error - FixPerms.txt file was not found." END If strTextBAT = iFileNameTXT.ReadAll strTextBAT = Replace (strTextBAT,DomainNB & "" & CNPrefix & "Authenticated Users" & CNSuffix,"Authenticated Users") Set oFilenameBAT = oFso.OpenTextFile("." & Input1A & ".bat", ForWriting, True) oFilenameBAT.Write strTextBAT oFilenameBAT.close iFilenameTXT.close Set oFilename9 = oFso.GetFile(".FixPerms.txt") oFilename9.Delete Set oFilename2 = oFso.GetFile(".F_Trustee2.txt") oFilename2.Delete Wscript.echo "Process Complete!"
'*********************************************'Destroy Objects'********************************************* SET oWshShell = Nothing SET oFSO = Nothing

Locked