Originally Posted By: NTDOC
I'll try to take a look at it further and offer advice when I have more time.

Basically though you have a security issue as I view it. You should NOT allow the system to be in a non secure state that would allow a normal user to login and create and set his/her own shares and ACL (Access Control List)
To me this is just wrong and begs for someone to come along and abuse it and or really cause problems either on purpose or accidentally. You or someone else as an Admin should be the one creating this and setting security appropriately.

Now you can write code to help you as an Admin automate it but I would never allow a user to login and create.


Yea it looked to me like XCACLS.vbs was creating the share with FULL user and FULL Admin rights, I would much rather prefer it to just create the share based off the domain/UID and assign R/W to the user share on their share and FULL to admin. I was looking at the other location where this script is working and I noticed a few things, there NETLOGON in based in the C:\WINNT\System32\Repl\Scripts\Import on a W2K Server box, we are Win 2003 so our NETLOGON is based in system32\GroupPolicy\Machine\Scripts so I am not sure if that is an issue as I remember scripts had to be run from the Repl Dir on win NT. Also when a user at the other location with win2k or xp logs on if kix is not found locally it installs in and at our location that does not happen so I am wondering if that might cause this to not work as well.

Thanks for your help