I always seem to have some really poorly written applications I’m required to deploy at work. You know, the kind of applications that decide to write their temporary files right to the Program directory INSTEAD OF user writable space. You know, like their profile?! Please don’t judge me. This small little Admin’s voice doesn’t get heard too often when it comes to software selection. I’d much rather work with software companies that follow security standards and don’t give me “The user needs to be an Administrator on the box.” blanket statements.

Either way, my voice gets drowned out and I need to find a way to get these programs to function without adding the user to the Administrators group. This can usually be accomplished by granting the local “Users” group on the PC Read and Write permissions to the application’s folders.

Below is a VBScript that does just that. Technically, the script actually shells out to a Command Prompt and runs CACLS but putting it in this script allows me to adjust permissions on multiple folders. I can then apply this VBScript to a Group Policy (GPO) in order to install these stupid applications using a managed install.

'       Script: GrantRWFolderPermissions.vbs
'       Author: Gregory Strike
'          URL: //www.gregorystrike.com/2011/07/26/grant-readwrite-permissions-using-vbscript/
' Requirements: This script must be run from an account that has Full Access to the
'               folders in the strFolders array.  This script is meant to be run as
'               group policy startup script.
'               Folders listed in the strFolders array will grant R/W permissions
'               to the NT Group in strNTGroup.

Dim objShell, intRunError

strFolders = Array(_
"C:\Program Files\AppNumber2Path",_
"C:\Program Files\AppNumber2Path")

strNTGroup = "Users"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

'Assign user permissions.
For X = 0 to Ubound(strFolders)
	If objFSO.FolderExists(strFolders(X)) Then
		intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & strFolders(X) & """ /T /E /C /G " & strNTGroup & ":C", 2, True)
		If intRunError < 0 Then
			Wscript.Echo "Error assigning permissions for users to folder: " & strFolders(X)
		End If
		Wscript.Echo "Folder " & strFolders(X) & " does not exist."
	End If

Set objFSO = Nothing
Set objShell = Nothing

In order to use this script you need to modify the folders in the strFolders array. All the folders in this array will have Read/Write (RW) permissions granted to the local NT Group located in strNTGroup.

Gregory Strike

Husband, father, IT dude & blogger wrapped up into one good looking package.