Network Automation Software We are currently migrating this forum
over to our HelpSystems domain. Please
post all new threads in our new
HelpSystems Community Portal.
Post to the HelpSystems Forum
You are not currently logged on. You must be logged on in order to post. Log on
Or Create a new account
AutoMate Discussion
Decrease font size
Increase font size
Topic Title: Set ACL permissions on Windows file/folder
Topic Summary:
Created On: 07/13/2018 10:37 AM
Status: Read Only
Linear : Threading : Single : Branch
 Set ACL permissions on Windows file/folder   - JohnScott - 07/13/2018 10:37 AM  
 Set ACL permissions on Windows file/folder   - Alex Escalante - 07/18/2018 01:07 PM  
 Set ACL permissions on Windows file/folder   - JohnScott - 07/18/2018 01:30 PM  
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
Answer This question was answered by JohnScott, on Wednesday, July 18, 2018 1:35 PM

Answer:
Alex, thanks for that suggestion. The Set Attributes action is in the neighborhood, but doesn't do what I need to do.

When I started Googling scripting techniques to modify the ACLs for a file or folder, one of the blog entries I found mentioned as an aside "..or you could do this with the old command-line cacls.exe utility.." That lead me to the current incarnation of that utility: icacls.exe. After digesting icacls.exe /? and trying out a few alternatives, I have found a way to do this that looks like it's going to work for me.

What I'm going is using AutoMate to generate a set of icacls commands for the folder and AD principles that I want to tweak. I save that set of commands to a .bat text file. Then I use AutoMate to run the batch file. I capture the output of the batch file run and scan its text for the output of a successful run, to reassure myself that it accomplished the change I intended. The central payload lines of the batch file are:

icacls %sFromFolderName% /grant ourdomain\%sFromFolderName%:(OI)(CI)M
icacls %sFromFolderName% /inheritance:D
icacls %sFromFolderName% /remove:g "Authenticated Users"

I understand that this is a DOS-era way to solve this new-era problem, but it seems to be working. I offer it to the community with no warranties expressed or implied.

John
 07/13/2018 10:37 AM
User is offline View Users Profile Print this message

Author Icon
JohnScott
Artisan (200-499)

Posts: 231
Joined: 10/27/2010

I am writing a workflow to manage incoming files, and to move them to per-person folders for the staffers the files belong to. All that's working fine, including logic to create new folders for staffers who haven't previously used the system.

Where I'm stuck is that I need to tighten up the folder permissions, so that staffer B cannot see the files that have been put in staffer A's folder. I have not been able to find any native actions within AutoMate to read or edit file system ACL permissions. I'm assuming that the designers have intended that if I need to do something like that, I'd write a VBscript or PowerShell script to edit the permissions, and simply call that script from my task. I've looked for a KB or sample script demonstrating how to do this, but not found any.

Have any of you forum folks implemented a script like this that you'd be willing to share?

TIA, John

 Category Survey
AutoMate BPA Server 10 version: 10.7.0
Windows version: Windows Server 2012 R2
Statistics
18258 users are registered to the AutoMate Discussion forum.
There are currently 0 users logged in.
The most users ever online was 5551 on 01/08/2018 at 11:11 AM.
There are currently 362 guests browsing this forum, which makes a total of 362 users using this forum.

FuseTalk Enterprise Edition v4.0 - © 1999-2019 FuseTalk Inc. All rights reserved.

Sitemap Network Automation Software Blog