Shawn/Doc,

Per Shawn's suggestion, I took heed and converted the WSH to KIX. I ran it through KIXSTRIP for 4.00. It is untested as I don't have my 2000 box here, but is starting to look O.K. So, here goes....

code:

; -- createshare.kix
; -- 08/10/2001
; -- Kent Dyer
; -- Version .8a Release
; The basis of this is using code from - http://cwashington.netreach.net/script_repository/view_scripts.asp?Index=360&ScriptType=vbscript
; It requires the ADSI SDK from - http://www.microsoft.com/NTWorkstation/downloads/Other/ADSI25.asp
; You will need to REGSVR32 the ADSSECURITY.DLL from the ADSI SDK

BREAK ON
CLS
; Check for Kix version 4.x and up
$kixv = InStr(@KIX, "4.")
If $kixv = 0
? "Kix 4.00 is required - Sorry."
Sleep 2
Exit
EndIf

DIM $textusr
DIM $textshare

; Create objects
$ofs = CreateObject("Scripting.FileSystemObject")
$sec = CreateObject("ADsSecurity")

IF $sec

; Capture the name of the person you are working with
COLOR g+/n
? "Enter the userid of the person - jdoe"
COLOR w+/n
?
GETS $textusr

IF $textusr = ""
COLOR r+/n
? "No UserID input provided. Stopping script now."
COLOR w+/n
SLEEP 2
EXIT
ENDIF

; Capture the name of the server you are adding the share to
COLOR g+/n
? "Enter the server - server"
COLOR w+/n

?
GETS $textshare

IF $textshare = ""
COLOR r+/n
? "No Server Name input provided. Stopping script now."
COLOR w+/n
SLEEP 2
EXIT
ENDIF

; Setting the user$ variable - jdoe$ - Hidden shares don't show when browsing to a server
; KiXtart joins strings with + (the & operator is a bitwise AND)
$textsharen = $textusr + Chr(36)

; Path for user folders
$usershare = "\\" + $textshare + "\users"

; Now let's create a variable to work with - \\SERVER\users\jdoe
; Directory to save
$userdir = "\\" + $textshare + "\users\" + $textusr

; Create folder
$createfolder = Exist($userdir)
IF $createfolder <> 1
MD $userdir
ENDIF

; Create share
$fservobj = GetObject("WinNT://" + $textshare + "/lanmanserver")

; Create the share for the server jdoe$
$newshare = $fservobj.create("fileshare",$textsharen)
; Set the path for the share on the server - D:\Users
$newshare.path = "D:\Users\" + $textusr
$newshare.setinfo
; Release the object (KiXtart has no Nothing keyword)
$newshare = 0

; Set ACLs

$filenm = $userdir
$permspart = "add(" + $textusr + ":c)+add(domain admins:F)+add(Administrators:F)+del(everyone:F)"

;-- Replace ACL on single file or folder-------
$chkfile = $ofs.fileexists($filenm) ; make sure file exists

IF $chkfile
; UDFs are called with parentheses; $rc just swallows the return value
$rc = ChangeAcls($filenm, $permspart, "REPLACE", "FILE")
ELSE
$chkfolder = $ofs.folderexists($filenm) ; if it's not a file, is it a folder?
IF $chkfolder
$rc = ChangeAcls($filenm, $permspart, "REPLACE", "FOLDER")
ENDIF
ENDIF

$ofs = 0

FUNCTION ChangeAcls($file,$perms,$redit,$ffolder)
;- Edit ACLS of specified file -----
; KiXtart has no Const statement, so the ADSI values are plain variables
$ADS_ACETYPE_ACCESS_ALLOWED = 0
$ADS_ACETYPE_ACCESS_DENIED = 1
$ADS_ACEFLAG_INHERIT_ACE = 2
$ADS_ACEFLAG_SUB_NEW = 9

; $sec is the ADsSecurity object created in the main script
$sd = $sec.getsecuritydescriptor("FILE://" + $file)
$dacl = $sd.discretionaryacl

;if flagged Replace then remove all existing aces from dacl first
IF ucase($redit)="REPLACE"
FOR EACH $existingace IN $dacl
$rc = $dacl.removeace($existingace)
NEXT
ENDIF

;break up Perms into individual actions
$cmdarray=split($perms,"+")

FOR $x=0 TO ubound($cmdarray)
$tmpvar1=$cmdarray[$x]
IF ucase(left($tmpvar1,3))="DEL"
$aclaction="DEL"
ELSE
$aclaction="ADD"
ENDIF

; strip the trailing ")" and the leading "add(" or "del(", leaving name:right
$tmpcmdvar=left($tmpvar1,len($tmpvar1)-1)
$tmpcmdvar=right($tmpcmdvar,len($tmpcmdvar)-4)
$cmdparts=split($tmpcmdvar,":")
$namevar=$cmdparts[0]
$rightvar=$cmdparts[1]

; if flagged edit, delete ACEs belonging to user about to add an ace for

IF ucase($redit)="EDIT"
FOR EACH $existingace IN $dacl
$trusteevar=$existingace.trustee
IF instr($trusteevar,"\")
$trunamevar=right($trusteevar,len($trusteevar)-instr($trusteevar,"\"))
ELSE
$trunamevar=$trusteevar
ENDIF

$uctrunamevar=ucase($trunamevar)
$ucnamevar=ucase($namevar)

IF $uctrunamevar=$ucnamevar
$rc = $dacl.removeace($existingace)
ENDIF
NEXT
ENDIF

; if action is to del ace then following clause skips addace
IF $aclaction="ADD"
IF ucase($ffolder)="FOLDER"
; folders require 2 aces for user (to do with inheritance)
$rc = addace($dacl, $namevar, $rightvar, $ADS_ACETYPE_ACCESS_ALLOWED, $ADS_ACEFLAG_SUB_NEW)
$rc = addace($dacl, $namevar, $rightvar, $ADS_ACETYPE_ACCESS_ALLOWED, $ADS_ACEFLAG_INHERIT_ACE)
ELSE
$rc = addace($dacl, $namevar, $rightvar, $ADS_ACETYPE_ACCESS_ALLOWED, 0)
ENDIF
ENDIF
NEXT

FOR EACH $ace IN $dacl
; for some reason if ace includes "NT AUTHORITY" then existing ace does not get readded to dacl

IF instr(ucase($ace.trustee),"NT AUTHORITY\")
$newtrustee=right($ace.trustee, len($ace.trustee)-instr($ace.trustee, "\"))
$ace.trustee=$newtrustee
ENDIF
NEXT

; final sets and cleanup
$sd.discretionaryacl = $dacl
$rc = $sec.setsecuritydescriptor($sd)

; release the objects (KiXtart has no Nothing keyword)
$sd=0
$dacl=0
$sec=0
ENDFUNCTION

FUNCTION addace($dacl, $trustee, $maskvar, $acetype, $aceflags)
; add ace to the specified dacl
; KiXtart has no Const statement and writes hex literals as &nnnn
$RIGHT_READ = &80000000
$RIGHT_EXECUTE = &20000000
$RIGHT_WRITE = &40000000
$RIGHT_DELETE = &10000
$RIGHT_FULL = &10000000
$RIGHT_CHANGE_PERMS = &40000
$RIGHT_TAKE_OWNERSHIP = &80000

$ace = CreateObject("AccessControlEntry")
$ace.trustee = $trustee

; specified rights so far only include F, C & R. Could be expanded though
; each CASE takes its own expression in KiXtart
SELECT
CASE ucase($maskvar) = "F"
$ace.accessmask = $RIGHT_FULL
CASE ucase($maskvar) = "C"
; | is the bitwise OR operator; OR is the logical one
$ace.accessmask = $RIGHT_READ | $RIGHT_WRITE | $RIGHT_EXECUTE | $RIGHT_DELETE
CASE ucase($maskvar) = "R"
$ace.accessmask = $RIGHT_READ | $RIGHT_EXECUTE
ENDSELECT

$ace.acetype = $acetype
$ace.aceflags = $aceflags
$rc = $dacl.addace($ace)
$ace=0
ENDFUNCTION
ELSE
COLOR r+/n
?"ADsSecurity not installed on this machine"
COLOR w+/n
SLEEP 2
EXIT
ENDIF

EXIT


And Shawn, yes this destroyed my Friday evening too!

Whad'ya think?

Cheers!

- Kent

[ 13 August 2001: Message edited by: kdyer ]

_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's
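
The userid and server name typed at the prompts go straight into the UNC path, the share name and the permission string that ChangeAcls splits on "+" and ":", so they are worth checking before anything is created. The following is an added example, not part of the original post: IsSafeName, its allowed-character set and the two length limits are assumptions to adjust to local naming policy.

```kixtart
; Added example - not part of createshare.kix.
; IsSafeName() is a hypothetical helper; the character set and limits are assumptions.
FUNCTION IsSafeName($name, $maxlen)
    DIM $i, $ok, $allowed
    ; Letters, digits, hyphen, underscore and dot only. This leaves out \ / : + ( )
    ; and spaces, i.e. the path separators and the delimiters ChangeAcls() splits on.
    $allowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."
    $ok = 0
    IF (Len($name) > 0) AND (Len($name) <= $maxlen)
        $ok = 1
        FOR $i = 1 TO Len($name)
            ; InStr() returns 0 when the character is not in the allowed set
            IF InStr($allowed, SubStr($name, $i, 1)) = 0
                $ok = 0
            ENDIF
        NEXT
    ENDIF
    ; A UDF returns whatever is assigned to its own name
    $IsSafeName = $ok
ENDFUNCTION

; Usage: place right after the two GETS prompts, before any path or share is built.
; $textusr and $textshare are the script's own variables.
; 20 and 15 are the usual limits for a pre-Windows 2000 logon name and a NetBIOS computer name.
IF (IsSafeName($textusr, 20) = 0) OR (IsSafeName($textshare, 15) = 0)
    COLOR r+/n
    ? "UserID or server name contains characters that are not allowed. Stopping script now."
    COLOR w+/n
    SLEEP 2
    EXIT
ENDIF
```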