I need a Batch Script

luke127

Hey guys, I need a batch script that denies the group "Everyone" access to any folders, and sub files/directories inside a USB. However, it needs to be set so that it only affects the right USB no matter which port I put it in. Preferably using the ICACLS command. Is this remotely possible? If so, could someone help me construct it?

If naming the USB is needed, we could call it "Test" for the script itself, and I'll modify it as needed.

Feel free to add credits of yourself to the file, they will not be removed. :)
 
You'd need to set the permissions according to the drive letter. And the drive letter of USB drives, while Windows tries to give the same USB device the same letter every time it's plugged in, it's possible that the drive letter can change if another device takes it instead.

What I'd do, is prompt for the drive letter, and then run the command on the drive according to what letter was provided.

PowerShell may be a better suit for this as well - it's more robust and powerful than batch files.
 
This is going to be run in a school environment, meaning that I don't have access to PowerShell because it's administrative permissions which I don't have. However, I will see if I can set up an IF statement that looks for a specific folder inside the drive that is specified.
 
I have experimented, and it appears that I have access to PowerShell. I just need to be VERY careful, because in a way PowerShell is 10x worse than command prompt when it comes to screwing **** up xD So any help creating this script would be very helpful as PowerShell is completely new to me :)
 

You just have access to more things; I wouldn't necessarily call it any worse or easier than batch scripts to screw things up on a system.

Prompting for input: Prompt for input, set variable in Powershell
Set permissions on only a single/specified file or folder: PowerShell - Editing permissions on a file or folder - Speaking of which... - Site Home - MSDN Blogs

Doing it recursively (note the foreach loop at the bottom): Automate changes to Permissions with Get-ACL, Set-ACL in Windows PowerShell

Documentation on rights/permissions options: Windows PowerShell Tip: Working With Security Descriptors
 
I've done some reading, and ICACLS seems easier to work with rather than using the advanced options that PowerShell offers, my 15-year-old brain can only handle so much code at any given time :p

Ok, I also need to know how to make it ask whether I want to do option A or option B. In this case it would be decrypt or encrypt. Also, decrypt needs to have a password on it so that not just anyone could run the script. That is where I am having trouble. But the general script (without the password) would be represented by the following general idea: (Repeating A: and 2: for Option B respectively).

Code:
IF Option A then goto A. 
IF Option B then goto B.

A:
IF F:\ contains folder "TEST" then goto encrypt.
IF NOT then goto 2.

2:
IF G:\ contains folder "TEST" then goto encrypt.
IF NOT then goto END.

#(This code could be repeated, for each drive letter of a USB port.)

ENCRYPT:
ICACLS "F:\TEST" /deny everyone:(F)

DECRYPT:
ICACLS "F:\TEST" /grant everyone:(F)

I'm presently researching the /p option, that allows people to make choices according to variables specified in the batch file.
 

How would I go about prompting for the drive letter in CMD?
 
OH so that's what you mean by prompt. I thought you meant the batch script finding the drive letter itself, and then proceeding to the script. Holy crap that's a lot easier, I also checked out the old thread... Holy christ I didn't even know that still existed.. :O Could we modify it to prompt for the drive letter first? Because the directory is gonna be the same all the time, the drive letter should be too. If it's not then I'll have to write another script to change it.
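
An added example, not code from any poster in this thread: one way to combine the prompt-for-drive-letter idea with the marker-folder check and the two ICACLS actions discussed above. It assumes the stick is formatted NTFS, that the marker folder is called TEST, and that the account running it is allowed to change that folder's permissions; the variable names and labels are made up for illustration.

```bat
@echo off
rem Added example, not code from the thread. Assumes an NTFS-formatted stick
rem (FAT32/exFAT store no ACLs) with a marker folder TEST (name is assumed).
setlocal EnableDelayedExpansion

set "MARKER=TEST"
set "DRV="
set /p "DRV=Drive letter of the USB stick (D-Z): "

rem Whitelist the input: accept exactly one letter D-Z, nothing else.
set "LETTER="
for %%L in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if /i "!DRV!"=="%%L" set "LETTER=%%L"
)
if not defined LETTER (
    echo Not a valid drive letter.
    exit /b 1
)

set "TARGET=%LETTER%:\%MARKER%"
rem Refuse to touch a drive that does not carry the marker folder.
if not exist "%TARGET%" (
    echo %TARGET% not found, nothing changed.
    exit /b 1
)

choice /c LU /m "Lock or Unlock %TARGET%"
if errorlevel 3 exit /b 1
if errorlevel 2 goto unlock

:lock
rem OI and CI make the deny entry inherit to every file and subfolder.
icacls "%TARGET%" /deny "Everyone:(OI)(CI)(F)"
goto report

:unlock
rem A deny entry overrides any grant, so the deny entry itself is removed.
icacls "%TARGET%" /remove:d Everyone

:report
if errorlevel 1 (
    echo icacls failed. Check that the volume is NTFS.
    exit /b 1
)
echo Done.
```

This changes access permissions only; the files are not encrypted, and anyone with administrator rights on a machine can take ownership of the folder and reset the permissions.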
 