I need a Batch Script

[carnageX]

OH so that's what you mean by prompt. I thought you meant the batch script finding the drive letter itself, and then proceeding to the script. Holy crap that's a lot easier, I also checked out the old thread... Holy christ I didn't even know that still existed.. :O Could we modify it to prompt for the drive letter first ? because the directory is gonna be the same all the time, the drive letter should be too. If it's not then I'll have to write another script to change it.

Yes, you can modify it to prompt for the drive letter first. Just add that logic above everything else.

 

[luke127]

Unfortunately I just tested this script and it's not doing anything in terms of the security permissions:

cls
@ECHO OFF
set LOCKFODLER=Locker
set PASSWRD=hellothere
title Folder %LOCKFODLER%
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST %LOCKFODLER% goto MDLOCKER
:CONFIRM
echo Are you sure you want to lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren %LOCKFODLER% "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
icacls %LOCKFOLDER%\* /deny Everyone:F
echo Folder locked
goto End
:UNLOCK
echo Enter the Password to unlock folder
set/p "pass=>"
if NOT %pass%== %PASSWRD% goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" %LOCKFODLER%
icacls %LOCKFOLDER%\* /grant Everyone:F
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md %LOCKFODLER%
echo %LOCKFODLER% created successfully
goto End
:End

It hides the folder, but doesn't change the permissions at all.
and I just got the error.

\$Recycle.Bin: Access is Denied

 

[luke127]

I think it's because we need the directory of the file built in, not using a variable. Let me see if I can reprogram that into it.

It's odd. I can run ICACLS "C:\Users\myname\Desktop\Locker" /deny everyone:F and it works fine from a command prompt without run as admin perms. Yet when I try to do it through a batch script, it gives the above error. Weird

However this might be caused because the C:\ drive is an operating system drive. ICACLS works on the F: drive without ANY problems whatsoever.

 

[luke127]

Ok, there's an interesting problem with this. Not only does it lock the %lockfolder% it also locks the access to the folder that it's in. If it's in the root of the USB, then it locks any files inside the root too. I think we might have to reprogram it to specify a specific directory, and not the variable.

After doing this, it appears to not cause any problems. It appears that ICACLS does NOT like variables inside a batch script...

 

[luke127]

OK SO AFTER NUMEROUS HOURS OF TWEAKING AND WORK, I HAVE COMPLETED IT.

cls
@ECHO OFF
set LOCKFOLDER=Locker
set PASSWRD=hellothere
title Folder %LOCKFODLER%
if EXIST "Locked" goto UNLOCK
if NOT EXIST %LOCKFODLER% goto MDLOCKER
:CONFIRM
echo Are you sure you want to lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren %LOCKFOLDER% "Locked"
attrib +h "Locked"
icacls F:\Locked /deny Everyone:F
echo Folder locked
goto End
:UNLOCK
echo Enter the Password to unlock folder
set/p "pass=>"
if NOT %pass%== %PASSWRD% goto FAIL
icacls F:\Locked /grant Everyone:F
attrib -h "Locked"
ren "Locked" %LOCKFOLDER%
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md %LOCKFOLDER%
echo %LOCKFOLDER% created successfully
goto End
:End

 

[luke127]

There's just one problem. This will only work for the F: drive letter. If someone can PLEASE help me get this last piece of the puzzle set up, I'll be extremely grateful

 

[carnageX]

There's just one problem. This will only work for the F: drive letter. If someone can PLEASE help me get this last piece of the puzzle set up, I'll be extremely grateful

Well of course it's only going to work on drive F:, because you hard-coded it in the batch file. If you want it to work on a different drive, then you'll need to change the letter in the batch file.

This is why I said to use PowerShell in the beginning, because it's more robust and has more functionality.

Unfortunately I just tested this script and it's not doing anything in terms of the security permissions:


It hides the folder, but doesn't change the permissions at all.
and I just got the error.

\$Recycle.Bin: Access is Denied

The reason you were having the permissions error with the Recycle Bin folder is because it's trying to set permissions on EVERY folder inside the root of the drive, which includes System folders (such as the Recycle Bin folder that gets created on every storage drive by default).

Because of this line:
icacls %LOCKFOLDER%\* /deny Everyone:F

Get around this by just putting everything you want to lock inside of a subdirectory, and then run icacls on the subdirectory instead of the root of the drive.

 

[luke127]

Power shell is just a pain to use though

 

[carnageX]

Power shell is just a pain to use though

How is it a pain to use...?

Write your script and test... just like batch files.

You don't have to use the PowerShell IDE.. you can just use Notepad (or Notepad++ for syntax highlighting).

 

[luke127]

It's a pain because I have to learn all the new syntaxes including the $ and .\ etc. Which I really don't want to/need to do.

Basically the last missing piece of this script is:

Prompt user for drive letter
set output of prompt to variable "drive"
input variable drive to the script.

Sounds simple enough, but is not the simplest thing to do in batch coding. I have looked into wmic and will see if this will run on batch scripts executed on computers which I do not have administrative permissions on. This whole script is designed to be run on ANY computer regardless of permissions, so I need to make sure the whole thing is designed efficiently and that it works.