Scripting Question

Deploying a script to lock folders down so that users cannot access them

09/30/2015 1250 views

Hi Guys I have written a simple batch script to lock down a folder so that domain users cannot access it, and the script works as expected. What I have found after deploying it to the users is that the script makes its way to the PC's targeted but for some reason a percentage of unknown number of PC's do not kick off the script and on others it does. Yet the KACE log shows that the PC's have run the script. I then login to some of the PC's that have receive the script but have not run, then deploy the script again via KACE and then it runs successfully...??? Why would this be? Is there a way to track the effect of the script via KACE so that we can find out which ones have "Actually" run vs the PC's that have not and or vice versa?

Redacted version of the batch script

icacls "C:\Program Files\x\x\x\rdata\archive" /reset /T
icacls "C:\Program Files\x\x\\rdata\archive" /deny "jdg\domain users":(OI)(CI)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "CREATOR OWNER":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "SYSTEM":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "Users":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /grant:r "administrators":(oi)(ci)f
icacls "C:\Program Files\x\x\x\rdata\archive" /inheritance:r

2 Comments   [ + ] Show comments


  • Does the KACE agent have rights to preform this task?
  • Thanks Guys for the input, Flag makes it easier to track on which PC's it applies, just worried as to why it would not apply after deployment on some PC's.

All Answers

Try specifying the full path to icacls.exe - never rely on any environment variables when deploying via a system account.
Answered 09/30/2015 by: EdT
Red Belt

If you *have* to use batch and its primitive - or, in this case, non-existent - error handling, you could write a flag file to a location. If the file doesn't exist on script completion, it would probably be fair to assume that it didn't complete successfully.
Answered 10/01/2015 by: VBScab
Red Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ