问题
I have a network with over 700 users and I want to create a script that could change the owner of the home folders to domain admins and the sub-folders to the users themselves.
This is what I could create with the help of my colleges, but this doesn't work for some reason. Can anyone help me please. Thanks.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("G:\Userhome\userdirlist.txt", 1)
Set oShell = WScript.CreateObject("WSCript.shell")
Do Until objFile.AtEndOfStream
struserfolder = objFile.ReadLine
oshell.run ("icacls G:\userhome\"+ struserfolder +"\*.* /setowner domainname\" + "struserfolder" + " /t")
oshell.run ("icacls G:\userhome\"+ struserfolder +"\*.* /setowner domainname\Domain Admins")
Loop
回答1:
You use the string "struserfolder" when you probably mean to use the variable struserfolder. Change this:
oshell.run ("icacls G:\userhome\"+ struserfolder +"\*.* /setowner domainname\" _
+ "struserfolder" + " /t")into this:
oshell.run "icacls G:\userhome\"+ struserfolder +"\*.* /setowner domainname\" _
+ struserfolder + " /t"Also, you must quote arguments with spaces. Lack of quotes is probably what prevents the second command from working, because icacls tries to set the owner to domainname\Domain instead of domainname\Domain Admins. This should do:
oshell.run "icacls G:\userhome\" + struserfolder _
+ "\*.* /setowner ""domainname\Domain Admins"""
BTW, why are you trying to change the owner twice? Any object can have just one owner, and you don't gain anything if you make the domain admins group the owner of just the top-level objects in the folder.
If you want to give domain admins access to the users' home directories, change the owner to the local administrators group (domain admins are automatically members of that group) and grant full control on the folder to Administrators, SYSTEM and the user. Then propagate the changed permissions down the directory tree:
path = Chr(34) & "G:\userhome\" & struserfolder & Chr(34)
oshell.run "icacls " & path & " /setowner Administrators /t /c"
oshell.run "icacls " & path & " /grant Administrators:(OI)(CI)F " _
& "SYSTEM:(OI)(CI)F domainname\" & struserfolder & ":(OI)(CI)F"
oshell.run "icacls " & path & " /reset /t /c"
Edit: The Run method returns the exit status of the executed command, which may give you some pointers when things don't work as expected:
rc = oshell.run("icacls " & path & " /setowner Administrators /t /c", 0, True)
WScript.Echo "icacls returned with exit code " & rc & "."
One issue might be that by default Run is asynchronous (parameter bWaitOnReturn defaults to False), i.e. the call returns immediately while the command (icacls) is still running in the background. This may lead to situations where subsequent commands try to change permissions on objects where ownership hasn't been taken yet.
Even more helpful than the return code is ususally the output of the command. However, the way you execute the commands, the command window isn't displayed, and even if it were, it would automatically close as soon as the command finishes. You can force the command window to become visible and stay open after the command finishes, though.
oshell.run "%COMSPEC% /k icacls " & path & " /setowner Administrators /t /c" _
, 1, TrueOf course you don't normally want this in production, but it's quite useful when debugging a script.
Another option would be to avoid Run entirely and run the commands via the Exec method. That way you have access to the StdOut and StdErr of the created process:
Set icacls = oshell.Exec("icacls " & path & " /setowner Administrators /t /c")
Do While icacls.Status = 0
WScript.Sleep 100
Loop
WScript.Echo "icacls returned with exit code " & icacls.ExitCode & "."
WScript.Echo icacls.StdOut.ReadAll & icacls.StdErr.ReadAll
来源:https://stackoverflow.com/questions/15704060/changing-owner-of-subfolders-using-icacls-in-a-vbscript