VB Script to Modify Folder NTFS Security and Share Permission

Below is the VBscript to Modify Folder NTFS Security and Share permission. It is using Cacls.exe and Rmtshare.exe to modify the permission. Cacls.exe can be used to modify Folder NTFS security Permission and  rmtshare.exe modifies Share Permission.  Below script removes all the existing permission NTFS Permission and Provides domain\accountname Full access and remove Inheritance check box and provide domain\accountname read share permission and remove all the other share permission. You can modify the script to suite your requirement

Set WshNetwork = WScript.CreateObject(“WScript.Network”)
strFolderName = Installerpath(WshNetwork.ComputerName)
Set objShell = CreateObject(“Wscript.Shell”)
intRunError = objShell.Run(“%COMSPEC% /c Echo Y| cacls ” & strFolderName & ” /c /g domain\accountname:F”, 2, True)
intRunError = objShell.Run(“F:\Krishna\Rmtshare.exe \\Servername\Sharename /remove”)
intRunError = objShell.Run(“F:\Krishna\Rmtshare.exe \\Servername\Sharename /grant “”domain\accountname””:read”)
intRunError = objShell.Run(“F:\Krishna\Rmtshare.exe \\Servername\Sharename /remove everyone”)

Function Installerpath(compname)
strPath = “\\” &  compname & “\Sharename”
strPath = Replace(strPath, “\\”, “”)
arrPath = Split(strPath, “\”)
strComputer = arrPath(0)
strShare = arrPath(1)
Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)
Set colItems = objWMIService.ExecQuery(“Select * From Win32_Share Where Name = ‘” & strShare & “‘”)

For Each objItem in colItems
strFolderName = objItem.Path
Installerpath = strFolderName

End Function

Executing the script :

Save the file as .vbs and you can execute locally or user psexec.exe to execute script remotely. Below is the psexec command to run remotely.

Psexec.exe \\servername cscript C:\Securitymodify.vbs

You can find the copy of the code in the below link


Powershell to check check user Security Permission using Dscals

Powershell to check if  set of users for security security permission. Below script helps to check if users has Account Operators listed in security permission

$csv = Import-csv -path "D:\Krishna\dsacls\user.csv"
foreach($line in $csv)
$input = "\\Servername\" + $line.DN
$K = .\dsacls.exe $input
$i = 1
foreach ($service in $K)
$Status = $service -like "Allow BUILTIN\Account Operators*"
if ($status -eq $true)
i= 0
if($i -eq 1)
$line.mailnickname >> dcalsresult.txt

You can also find the copy in the below link