Courion Tip – User Home Drive Permissions

The situation – user home drives get created with Courion pretty much ‘straight out of the box’. Permissions can be set, drive letter set. However, the home drive does not inherit permissions from its parent folder. How to resolve this?

Start by reading “Configuring Workflows.pdf” that came with your version. For version 8.00, the pages of interest are 446 thru 454. This covers “Configuring Triggers”.

Next, make a copy of “TriggerUtils.vbs”. I called my copy “TriggerICACLS.vbs” since I will be using the icacls.exe program to re-enable inheritance.

And now make a short and sweet vbscript to make sure this actually does what you want. This is the vbscript I wrote:

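Dim strHomeFolder, strHome, strUser, objShell, objFSO
' Replace the {placeholders} with your own server/DFS share and user name
strHomeFolder = "{\\path to server or DFS Share}\Home\{username}"
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Quote the path so folder names containing spaces are passed to icacls intact
objShell.Run "icacls """ & strHomeFolder & """ /inheritance:e"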

For me, (please test for your use case) I can recreate the issue by using “/inheritance:r” and resolve it by using “/inheritance:e”. In other words, make sure this fixes your issue.
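A hardened form of the test script above, as an added example that is not part of the original post or of Courion's TriggerUtils.vbs: it validates the folder path before it reaches the icacls command line, waits for the exit code, and reads the ACL back. `HOME_ROOT`, `EnableInheritance` and the `jdoe` folder are assumptions; run it with cscript.exe.

```vbscript
Option Explicit

' Added example: HOME_ROOT and EnableInheritance are hypothetical names.
' HOME_ROOT is a placeholder; set it to your own server or DFS share path.
Const HOME_ROOT = "\\server\share\Home\"

' Returns True only if icacls succeeded and the folder now shows inherited ACEs.
Function EnableInheritance(ByVal strFolder)
    Dim objShell, objFSO, objExec, strOut, intRc
    EnableInheritance = False
    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    ' A trailing backslash would escape the closing quote of the argument.
    If Right(strFolder, 1) = "\" Then strFolder = Left(strFolder, Len(strFolder) - 1)
    ' Reject a quote (ends the argument early, so extra icacls switches could
    ' follow), % (Run expands environment variables) and parent traversal.
    If InStr(strFolder, """") > 0 Or InStr(strFolder, "%") > 0 _
       Or InStr(strFolder, "..") > 0 Then Exit Function
    ' Only touch folders below the expected home root, and only if they exist.
    If LCase(Left(strFolder, Len(HOME_ROOT))) <> LCase(HOME_ROOT) Then Exit Function
    If Not objFSO.FolderExists(strFolder) Then Exit Function

    ' Quote the path, hide the window (0), wait for icacls to finish (True).
    intRc = objShell.Run("icacls """ & strFolder & """ /inheritance:e", 0, True)
    If intRc <> 0 Then Exit Function

    ' Read the ACL back: icacls marks inherited entries with (I).
    ' If the parent has no inheritable entries, none appear and this is False.
    Set objExec = objShell.Exec("icacls """ & strFolder & """")
    strOut = objExec.StdOut.ReadAll()
    EnableInheritance = (InStr(strOut, "(I)") > 0)
End Function

' "jdoe" is a constructed sample user name.
If EnableInheritance(HOME_ROOT & "jdoe") Then
    WScript.Echo "Inheritance enabled and inherited ACEs present"
Else
    WScript.Echo "Failed or rejected: check path, rights and parent ACL"
    WScript.Quit 1
End If
```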

Now for the tough part – editing of the TriggerICACLS.vbs file itself. And, sorry, but the line numbers shown below are only approximate.

Line 20. Change Const RDK_DEBUG = 0 to RDK_DEBUG = 1
Line 29. Change the DEBUG_LOG file name to “TriggerICACLS_debug.log”
Insert a line 68, which says DIM objShell, objFSO
Line 71. Change the name for TRIGGER_ONE_PARAM1. I set mine to “Directory to reset inheritance on”
Line 87. Change the help text for TRIGGER_ONE_PARAM1_ARRAY(ATTRIBUTE_HELP_TEXT). I set mine to “folder you wish to inherit permissions from parent”
Line 100. Change TRIGGER_ONE_PARAM2_ARRAY(ATTRIBUTE_REQUIRED) to “no”
Comment out lines 672 thru line 709 – and, note that the line numbers probably don’t align 100% with yours. So, it’s basically all the code that does the copying of the files/folders. The first line I commented out was “'Open the file system object” and the first line I left alone was “'Call RevertToYourself to go back to who you were before the impersonation!”

Insert the following code:

'Set the strHomeFolder to inherit permissions from its parent
On Error Resume Next
Dim objShell, objFSO
'strSourceDir
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject") 'FileSysObj
'Quote the path so folder names containing spaces are passed to icacls intact
objShell.Run "icacls """ & strSourceDir & """ /inheritance:e"

Now, log into the Courion server, and launch the Connector Configuration Manager. You will be adding a target to the Microsoft ActiveScript Cnctr.
I called mine “AD” since it’s Active Directory. I wasn’t positive which Operations I wanted, so I cheated and selected all of them.
The Script File Name should be the path and name to the vbscript you just created.
Next, enter the following:

Administrator User
Administrator Password
Server

Click on Finish. For the record, I couldn’t get mine to confirm, and so the rest of this is actually untested. It should prompt you to restart the Courion services, and you will need it to do so.

Now, go into the Courion admin and edit your workflow. In my case, I chose the Add action, Trigger, and the event of Microsoft ADS 5.x User Resource Success.

Posted April 27, 2012 by mmdmurphy in Courion Tip
