Novell is now a part of Micro Focus

NTRights 1.2

Novell Cool Solutions: Cool Tool

Digg This - Slashdot This

In Brief

Grant group, file rights or registry rights from settings in the NTRIGHTS.INI file.


Product Categories:
  • ZENworks
  • Functional Categories:
  • Rights
  • Posted:3 Apr 2003
    File Size:310KB
    Publisher:Doug Glenn


    Please read the note from our friends in legal before using this file.


    NTRIGHTS.EXE allows administrators to selectively grant or revoke local file system or registry rights in Windows 2000. (Not tested for XP). The program optionally allows the administrator to shutdown and reboot the system. It can be used to run in pre or post launch scripts to grant or deny rights during program execution only.

    4/2/03- This update removes a debugging statement that caused a loss of functionality.

    Windows 2000 has both NTFS and registry file rights. Granting these rights is usually a manual process. Using NTRIGHTS.EXE you can now automate these procedures.

    Machines merged into a Domain. Rights are granted as Domain\User, not LocalMachine\User format

    How to use:
    Open the Application object.
    Select the Run Options tab.
    Select Environment from the Run Options tab.
    Select either Unsecure or Secure user. (Do NOT use Normal user!)
    Select the Distribution Options tab.
    Select the Distribution Scripts from the Distribution Options tab.
    Add the command to run NTRIGHTS.EXE in the "Run after distribution" text window with the path to the its INI file. Apply the changes.

    Warning: : Run this program outside of ZENworks as a local Administrator equivalent on Windows 2000 first!. Verify the changes are made to the system

    Bigger Warning: : If you are launching a program via NTRights in secure mode, make sure it does not prompt the user or it will hang as the program attempts to prompt the user for input. The program will wait until the external program has exited before continuing to run the next external program.

    Best Practices: Use the @ symbol rather than the # symbol to launch the program in the ZENworks scripts. This will allow ZENworks to always "succeed" and exit the installation. Use of the # symbol to wait for the script execution to finish is not good practice as outlined above in the previous paragraph. NTRights should reside in one directory and its INI (ntrights.ini) file within the directory of the application these rights are associated with. You can also use it in distribution and launch scripts for the same application by placing the INI file in a different directory from the other INI file.

    NTRights takes two command line variables. One is the directory where its INI (ntrights.ini) file is, and the other is REVOKE. The Directory path must be defined first or the script will fail. Permissions are granted by default. Use the revoke switch to remove them.

    Distribution script Program Example:
    @path_to/NTRights.exe path_to/ntrights.ini

    Note: Do not use a trailing back slash on the INI path.
    @r:\scripts\ntrights.exe r:\apps\application_name

    Ntrights path = i:\scripts\ntrights.exe
    Application directory Path = q:\apps\my_app (ntrights.ini is in this dir)
    Command line would be:
    @i:\scripts\ntrights.exe q:\apps\my_app

    By default it grants the rights in the INI file. To revoke rights in the INI file:
    Ntrights path = i:\scripts\ntrights.exe
    Application directory Path = q:\apps\my_app (ntrights.ini is in this dir)
    Command line would be:
    @i:\scripts\ntrights.exe q:\apps\my_app revoke (Or REVOKE)

    This is the heart of this program. Running this program by itself or without a valid ntrights.ini defined does nothing. The program only executes the procedures outlines in this file. The file has several sections. Each section within the brackets is case sensitive. Any section may be skipped or not included. Enclose any registry key, group or path that contains spaces within quotes. The file may even be empty. First, do no harm.

    Note: All entries are case sensitive. 'S' is not the same as 's'. This is especially true of the registry entries.

    This section is where you choose your file permissions. If you want to grant only create/modify rights to the current user then use:

    file# = path or filename. (where # starts at 1 and increments up. Do not actually use the # character). There is no limit to the number of files you can grant permissions to.

    This section allows you to grant the following rights to a file or directory. Rights that are defined in this section are applied (edited) against the current user in Domain\Username form. The workstation must be registered into a Domain.

    Here define the rights to grant or to revoke to a file or directory. Use the REVOKE command switch when launching the program in a post launch script.
    ( Ex: @i:\ntrights.exe m:\app revoke )

    file# = path or filename. (where # starts at 1 and increments up. Do not actually use the # character). There is no limit to the number of files you can grant/revoke permissions to.

    Perm# = Read, Write, Execute, Delete, Modify or Full. Match the perm# to the same as the file# that rights are to be granted or revoked. These must match!
    Note: If Full permission is granted, all other permissions are skipped.

    This section grants permission to any key value and below it. Specify the keys to grant permissions by using reg# (where # starts at 1 and increments. Do not actually use the # character). This basically grants the end user full rights.

    reg# = HIVE:KEY Name or value

    Hive Name Syntax: One of:


    boot = y
    or Y will cause the system to reboot in 30 seconds by default unless the time = option is used.

    time = # is the number of seconds to wait before rebooting.

    This section allows you to add the user to a list of local machine groups. Specify the groups to add the current user to using:
    group# = value. (where # starts at 1 and increments up. Do not use the actual # character.)

    This section allows you to optionally run other programs at the end of the script. Applications will execute regardless of the revoke command line. It is not recommended that you execute any programs when planning to use the grant/revoke feature. You may specify it in a separate INI file location. Specify the applications to run using:

    run# = "full path to executable in quotes" (where # starts at 1 and increments up)

    Note: None of these programs are allowed to require user input at all. This WILL cause the script to hang waiting for user input when run in Secure mode!

    log = yes
    . Enables logging of program execution for troubleshooting or auditing purposes. Defaults writing to the system %TEMP% directory as a text file named ntrights.log ( Usually c:\winnt\temp\ntrights.log )
    file = path to file. No trailing back slash. This option may be used to put the logfile other than the local %TEMP% directory as %USER%.log. It will post the log to that directory with the users ID and .log to the file name.

    Example NTRIGHTS.INI:
    file1 = "c:\program files\Netsoft"
    file2 = "c:\winnt\netsoft.ini"
    reg1 = HKLM\SOFTWARE\NetSoft
    reg2 = HKLM\SOFTWARE\Microsoft\MSLicense
    boot = y
    time = 8
    group1 = users

    group="Power Users"

    file1="d:\program files\myapp\myapp.exe"
    file2="d:\program files\yourapp\yourpaper.doc
    file3=d:\program files\yourapps\everyones.doc

    log = yes

    Bugs or Issues:
    Please include the ntrights.ini file and a description of the problem.

    Date: 10/21/02
    Version: 1.2

    Added ability to grant/revoke rights on the command line. Requested by - Jeff Ferris
    Added logging for troubleshooting purposes.
    Added ability to grant explicit file and directory rights. Requested by - Karen Duffell
    Created PDF Documentation.
    Reposted to Novell web site with documentation changes.

    10/16/02Version 1.1
    Corrected issue with registry rights reported by Karen Duffell.
    Reposted to Novell web site.

    Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

    © Copyright Micro Focus or one of its affiliates