PLEASE READ FIRST!

I've now been blogging here since 2007! ...Wow, has it been that long already?! Over the years, I've covered a wide array of subjects from scripting, troubleshooting, to the occasional hobby project. I have literally heard from thousands of you over the years with questions or even just offering me a bit of thanks!

Recently, I quit my full-time job and started work on an IT business, Rhythm IT Solutions, helping other IT departments manage their IT environments. We're offering consulting & professional services (Office 365 Migrations, Network Discovery, Firewall Management, etc...) as well as Endpoint Management (AV, Patch Management EDR, Managed Backup, etc...)



If there is something (on my blog or not) that you could use some additional help with, I would LOVE to hear from you! Please feel free to reach out to me using the contact links here or the contact form on Rhythm's website.

For those wondering, I do plan on continuing my work on the blog. So don't worry! There are plenty of Greg Strike posts yet to come! 😊 Thanks for stopping by!

PLEASE READ FIRST!




I always seem to have some really poorly written applications I’m required to deploy at work. You know, the kind of applications that decide to write their temporary files right to the Program directory INSTEAD OF user writable space. You know, like their profile?! Please don’t judge me. This small little Admin’s voice doesn’t get heard too often when it comes to software selection. I’d much rather work with software companies that follow security standards and don’t give me “The user needs to be an Administrator on the box.” blanket statements.

Either way, my voice gets drowned out and I need to find a way to get these programs to function without adding the user to the Administrators group. This can usually be accomplished by granting the local “Users” group on the PC Read and Write permissions to the application’s folders.

Below is a VBScript that does just that. Technically, the script actually shells out to a Command Prompt and runs CACLS but putting it in this script allows me to adjust permissions on multiple folders. I can then apply this VBScript to a Group Policy (GPO) in order to install these stupid applications using a managed install.

'       Script: GrantRWFolderPermissions.vbs
'       Author: Gregory Strike
'          URL: //www.gregorystrike.com/2011/07/26/grant-readwrite-permissions-using-vbscript/
' Requirements: This script must be run from an account that has Full Access to the
'               folders in the strFolders array.  This script is meant to be run as
'               group policy startup script.
'
'               Folders listed in the strFolders array will grant R/W permissions
'               to the NT Group in strNTGroup.

Dim objShell, intRunError

strFolders = Array(_
"C:\AppNumber1Path",_
"C:\Program Files\AppNumber2Path",_
"C:\Program Files\AppNumber2Path")

strNTGroup = "Users"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

'Assign user permissions.
For X = 0 to Ubound(strFolders)
	If objFSO.FolderExists(strFolders(X)) Then
		intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & strFolders(X) & """ /T /E /C /G " & strNTGroup & ":C", 2, True)
		If intRunError < 0 Then
			Wscript.Echo "Error assigning permissions for users to folder: " & strFolders(X)
		End If
	Else
		Wscript.Echo "Folder " & strFolders(X) & " does not exist."
	End If
Next

Set objFSO = Nothing
Set objShell = Nothing

In order to use this script you need to modify the folders in the strFolders array. All the folders in this array will have Read/Write (RW) permissions granted to the local NT Group located in strNTGroup.



PLEASE READ FIRST!

I've now been blogging here since 2007! ...Wow, has it been that long already?! Over the years, I've covered a wide array of subjects from scripting, troubleshooting, to the occasional hobby project. I have literally heard from thousands of you over the years with questions or even just offering me a bit of thanks!

Recently, I quit my full-time job and started work on an IT business, Rhythm IT Solutions, helping other IT departments manage their IT environments. We're offering consulting & professional services (Office 365 Migrations, Network Discovery, Firewall Management, etc...) as well as Endpoint Management (AV, Patch Management EDR, Managed Backup, etc...)



If there is something (on my blog or not) that you could use some additional help with, I would LOVE to hear from you! Please feel free to reach out to me using the contact links here or the contact form on Rhythm's website.

For those wondering, I do plan on continuing my work on the blog. So don't worry! There are plenty of Greg Strike posts yet to come! 😊 Thanks for stopping by!

PLEASE READ FIRST!





Gregory Strike

Husband, father, IT dude & blogger wrapped up into one good looking package.