preload

SetACL command line automation examples

Posted by Albert Gareev on Apr 29, 2010 | Categories: Back-endFile System OperationsSource code

In this post  I provide code snippets for SetACL tool command line automation.  Examples of command line instructions were taken from here.

The code presented below is written in VBA for MS Excel.
CreateUserFolder function can create folders on a local or network drive. After user folder is created, the function sets typical access permissions by calling SetACL tool through command line interface (by using Shell function of Excel/VBA).
Pass-in parameters
sUserFolder – full path to the target folder
sLogin – user account name (login name)

'Declare external function
'It will be used to pause execution during asynchronous calls
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
'
'
'Main function
Public Function CreateUserFolder(ByVal sUserFolder, ByVal sLogin)
Dim boolRC, intRC
Dim objFSO, objUserFolder
Dim sToolPath, sCommandLine

'We assume that SetACL is stored at the same location as our Excel file
sToolPath = Workbooks.Item(1).Path & "\SetACL.exe"

Set objFSO = CreateObject("Scripting.FileSystemObject")

'Create user folder
On Error Resume Next
    Set objUserFolder = objFSO.CreateFolder(sUserFolder)
    boolRC = (Err.Number <> 0)
On Error GoTo 0
Set objFSO = Nothing

'Error-handling
If boolRC Then
   CreateUserFolder = False
   Exit Function
End If
   
'Sync
Sleep 250
   
'Remove inheritance
sCommandLine = """" & sToolPath & """ -on """ & sUserFolder & """ -ot file -actn setprot -op ""dacl:p_c;sacl:p_c"""
intRC = Shell(sCommandLine, vbHide)
'Shell is asynchronous call - system needs time to process it
'Sync
Sleep 1000
   
'Limited error-handling
If intRC = 0 Then
   CreateUserFolder = False
   Exit Function
End If
   
'Remove "Users"/"Domain Users" groups
sCommandLine = """" & sToolPath & """ -on """ & sUserFolder  & """ -ot file -actn trustee "
sCommandLine = sCommandLine & "-trst ""n1:users;ta:remtrst;w:dacl"" "
sCommandLine = sCommandLine & "-actn trustee -trst ""n1:domain users;ta:remtrst;w:dacl"""
intRC = Shell(sCommandLine, vbHide)
'Shell is an asynchronous call - system needs time to process it
'Sync
Sleep 1000
   
'Limited error-handling
If intRC = 0 Then
   CreateUserFolder = False
   Exit Function
End If
   
'Add Modify user permissions
sCommandLine = """" & sToolPath & """ -on """ & sUserFolder  & """ -ot file -actn ace "
sCommandLine = sCommandLine & "-ace ""n:" & sLogin & ";p:change"""
intRC = Shell(sCommandLine, vbHide)
'Shell is an asynchronous call - system needs time to process it
'Sync
Sleep 1000
   
'Limited error-handling
If intRC = 0 Then
   CreateUserFolder = False
   Exit Function
End If
   
'Deny Delete Folder user permissions
sCommandLine = """" & sToolPath & """ -on """ & sUserFolder & """ -ot file -actn ace "
sCommandLine = sCommandLine & "-ace ""n:" & sLogin & ";p:delete;i:np;m:deny;w:dacl"""
intRC = Shell(sCommandLine, vbHide)
'Shell is an asynchronous call - system needs time to process it
'Sync
Sleep 1000
   
'Limited error-handling
If intRC = 0 Then
   CreateUserFolder = False
   Exit Function
End If
   
CreateUserFolder = True

End Function

Related Posts


Calendar

April 2010
MonTueWedThuFriSatSun
« Mar May »
 1234
567891011
12131415161718
19202122232425
2627282930 

Blog Search

Monthly Archives

© 2007-2019 Albert Gareev | Copyright and Disclaimer | Neulane theme powered by WordPress
Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported
This work by Albert Gareev is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported.