I need to temporarily remove write permissions on a particular drive letter for ALL users.
I think I have to do the following:
1 - List all users that currently have write permissions on the drive.
2 - Remove write permission for each of these users. (Use cacls command?)
3 - <Do whatever else I need to do.>
4 - Restore write permission for each of the users. (Use cacls command again?)
Can this be done with a batch command script, or do I need to write an exe where I can get access to Windows libraries that will help me with step 1 above? If the script is possible, what command do I use to get the list of users with write permissions?
jduff
I've gotten part way there using cacls to list the users and permissions. However, I'm having trouble parsing the cacls text output to pick up just the usernames.
Code below DOES NOT YET WORK!!!
setlocal enabledelayedexpansion
set myDir=C:\foo
REM * STEP 1 - Create temp files that contain the list of users:
REM * Make one file for full control users.
REM * Make one file for write users.
REM * Make one file for change users.
cacls "%myDir%" | FIND ":F" > users_FullControl.txt
cacls "%myDir%" | FIND ":W" > users_Write.txt
cacls "%myDir%" | FIND ":C" > users_Change.txt
REM * STEP 2 - Iterate over the list of full control users changing to R permission
for /f %%v in (users_FullControl.txt) do (
REM * HELP - How do I pick out the user name?
REM * User name precedes the :F at the end of the line.
REM * User name is preceded by /
echo If I could correctly parse out the username into the v variable, I would execute: cacls "!myDir!" /E /G %%v:R
)
REM * Repeat for write (:W) users.
REM * Repeat for change (:C) users.
REM * STEP 3 - Do whatever I want to do.
REM * STEP 4 - Put permissions back:
REM * Repeat full control users for loop changing permissions back to full control.
REM * Repeat write users for loop changing permissions back to write.
REM * Repeat change control users for loop changing permissions back to change.
endlocal
jduff
You need to give "for" some options, so that it'll appropriately modify the data it's getting from the file.
If you just want the user name in "%%v" then give it some of this action:
for /f "usebackq delims=\: tokens=2" %%v in ("users_FullControl.txt") do (
cmd | *sh | ruby | chef
Yes, I see! ...This new code almost works. I have a problem on the first line of output from the cacls command which begins with the myDir string. For example:
C:\foo BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
WESTERLY\jduff:F
I need to remove the myDir value from the front of the string before the tokens approach you've suggested will work. I've tried code like the following, but I haven't yet been successful.
setlocal enabledelayedexpansion
set newLine=%oldLine:%myDir%=%
set newLine=%oldLine:!myDir!=%
Once I get this right, I think I will have what I need. I'll publish the entire script when I finally get it working.
jduff
Hmm it's a little more tricky than I first thought. Consider this:
Z:\>for /f "usebackq delims=\: tokens=2" %v in (`cacls z:\`) do @echo %v
BUILTIN
SYSTEM
(OI)(CI)(IO)F
Users
Users
Users
R
Z:\>cacls z:\
z:\ BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)R
BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA
BUILTIN\Users:(CI)(IO)(special access:)
FILE_WRITE_DATA
Everyone:R
As you can see, it's picking out a few things I probably wouldn't want it to. I'll have a think and come back to you.
Last edited by bluesxman (19 Mar 2007 18:56)
cmd | *sh | ruby | chef
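Added example, not part of the thread or any poster's code: a Python parser for the cacls listing quoted above, which strips the leading path, keeps principals that contain spaces or no backslash, and attaches "special access" continuation lines to their entry. The names `parse_cacls`, `Ace` and `writers` are hypothetical, and it assumes cacls echoes the path exactly as it was passed.

```python
import re
from dataclasses import dataclass, field
# Constructed sample: the z:\ listing quoted in the thread, indentation restored.
SAMPLE = r"""z:\ BUILTIN\Administrators:(OI)(CI)F
    NT AUTHORITY\SYSTEM:(OI)(CI)F
    CREATOR OWNER:(OI)(CI)(IO)F
    BUILTIN\Users:(OI)(CI)R
    BUILTIN\Users:(CI)(special access:)
                  FILE_APPEND_DATA
    BUILTIN\Users:(CI)(IO)(special access:)
                  FILE_WRITE_DATA
    Everyone:R
"""
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<right>.*)$")
WRITE_SIMPLE = {"F", "W", "C"}  # the three rights the thread filters on
WRITE_WORDS = ("WRITE", "APPEND", "DELETE", "GENERIC_ALL")  # assumed heuristic

@dataclass
class Ace:
    who: str                    # principal, e.g. NT AUTHORITY\SYSTEM
    flags: str                  # inheritance flags such as (OI)(CI), may be empty
    right: str                  # F, W, C, R ... or "special"
    special: list = field(default_factory=list)

    def can_write(self):
        if self.right == "special":
            return any(w in s for s in self.special for w in WRITE_WORDS)
        return self.right in WRITE_SIMPLE

def parse_cacls(text, path):
    aces, first = [], True
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if first:               # only the first entry is prefixed with the path
            if not line.lower().startswith(path.lower()):
                raise ValueError(f"first line does not start with {path!r}")
            line, first = line[len(path):].strip(), False
        m = ACE.match(line)
        if m is None and aces and aces[-1].right == "special":
            aces[-1].special.append(line)   # right name under "special access:"
        elif m is not None:
            right = "special" if "special access" in m["right"] else m["right"]
            aces.append(Ace(m["who"], m["flags"], right))
    return aces

def writers(aces):
    return list(dict.fromkeys(a.who for a in aces if a.can_write()))  # ordered, unique
```

On the sample, `BUILTIN\Users` is reported as a writer only because of its special-access entries, which a plain `FIND ":W"` filter never sees.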
This thread may help