DirProtect.vbs

1. 'DirProtect v1.0.1
2. 'https://pastebin.com/u/jcunews
3. 'https://www.reddit.com/user/jcunews1
4. '
5. 'Usage: DirProtect {unprotected directory}
6. '       DirProtect /u {protected directory}
7. '
8. 'Requirements: Windows 2003 or later version, NTFS drive, elevated privileges.
9. '
10. 'This script provides a simple protection for directories in NTFS drives where
11. 'contents of the protected directory can only be accessed from a shortcut file.
12. 'The shortcut file can then be renamed and placed anywhere else which only the
13. 'user will know. Junction or symbolic link is not used in order to prevent
14. 'applications from traversing directory typed file system objects, and to
15. 'prevent them from discovering the files within the protected directory.
16. '
17. 'Protection is done by moving and placing the directory in another inaccessible
18. 'directory of the same name. e.g. if the old directory location is at:
19. '
20. '  d:\my data\personal files
21. '
22. 'It will be moved into a new location:
23. '
24. '  d:\my data\personal files\personal files
25. '
26. 'Access to the old location will be denied, but access to the new location
27. 'will be allowed. Access to the protected directory is done by using a shortcut
28. 'file which will be created using the same name. e.g.:
29. '
30. '  d:\my data\personal files.lnk
31. '
32. 'To access the protected directory from a file selector dialog (e.g. "Open" or
33. '"Save" dialogs), change the view to show all files, then double click on the
34. 'protected directory shortcut file.
35. '
36. 'If the shortcut file is accidentally deleted, create one in an unprotected
37. 'directory by using the right-click popup menu and choose "New" then "Shortcut".
38. 'Manually type the new location of the protected directory.
39.  
40. sub help
41.   set f = fs.opentextfile(wscript.scriptfullname)
42.   s = ""
43.   do while true
44.     l = f.readline
45.     if left(l, 1) <> "'" then exit do
46.     s = s & mid(l, 2) & vbcrlf
47.   loop
48.   f.close
49.   wscript.echo left(s, len(s) - 2)
50.   wscript.quit 1
51. end sub
52.  
53. set fs = createobject("scripting.filesystemobject")
54. lock = not wsh.arguments.named.exists("U")
55. if wsh.arguments.unnamed.count = 0 then help
56. dir = wsh.arguments.unnamed(0)
57. if not fs.folderexists(dir) then
58.   wsh.echo "Specified directory is not found."
59.   wsh.quit 2
60. end if
61. set d = fs.getfolder(dir)
62. if d.parentfolder is nothing then
63.   wsh.echo "Specified directory must not be a root directory."
64.   wsh.quit 2
65. end if
66. if not fs.fileexists(fs.getspecialfolder(1) & "\config\system") then
67.   wsh.echo "This script must be run with elevated privileges."
68.   wsh.quit 2
69. end if
70. dir = d.path
71. dn = d.name
72. lkn = d.name & ".lnk"
73. lkp = dir & "\..\" & lkn
74. randomize
75. rn = round(rnd * 10000000000, 0)
76. set ws = createobject("wscript.shell")
77. set e = ws.environment("process")
78. u = e("userdomain") & "\" & e("username")
79. on error resume next
80. set xc = ws.exec("icacls.exe """ & dir & """")
81. if err.number <> 0 then
82.   wsh.echo "This script requires Windows 2003 or later versions." & vbcrlf & _
83.     xc.stderr.readall
84.   wsh.quit 2
85. end if
86. on error goto 0
87. s = split(xc.stdout.readall, vblf)
88. do while xc.status = 0
89.   wsh.sleep 20
90. loop
91. if xc.exitcode <> 0 then
92.   wsh.echo "Failed on retrieving directory permissions." & vbcrlf & _
93.     xc.stderr.readall
94.   wsh.quit 3
95. end if
96. sec = ""
97. for each l in s
98.   if instr(l, u & ":(DENY)") > 0 then
99.     sec = mid(l, instr(l, ":(DENY)") + 7)
100.     exit for
101.   elseif instr(l, "  No permissions are set.") > 0 then
102.     wsh.echo "Only directory of a local NTFS drive can be protected."
103.     wsh.quit 2
104.   end if
105. next
106. e = 0
107. if lock then
108.   if sec <> "" then
109.     wsh.echo "Specified directory is already protected."
110.     wsh.quit 2
111.   end if
112.   if fs.fileexists(lkp) then
113.     wsh.echo """" & dir & ".lnk" & """ shortcut file is already exists."
114.     wsh.quit 3
115.   end if
116.   on error resume next
117.   fs.createtextfile(lkp).close
118.   if err.number <> 0 then
119.     wsh.echo "Failed on creating shortcut file." & vbcrlf & err.description
120.     wsh.quit 3
121.   end if
122.   err.clear
123.   fs.createfolder dir & rn
124.   if e = 0 then
125.     err.clear
126.     fs.movefolder dir, dir & rn & "\" & dn
127.     e = err.number
128.     if e = 0 then
129.       err.clear
130.       fs.movefolder dir & rn, dir
131.       e = err.number
132.       if e = 0 then
133.         set lk = createobject("shell.application").namespace( _
134.           d.parentfolder.path).parsename(lkn).getlink
135.         lk.path = dir & "\" & dn
136.         lk.save
137.         set xc = ws.exec("icacls.exe """ & dir & """ /deny " & u & ":(rd)")
138.         xc.stdout.readall
139.         do while xc.status = 0
140.           wsh.sleep 20
141.         loop
142.         if xc.exitcode <> 0 then
143.           fs.movefolder dir, dir & rn
144.           wsh.echo "Failed on changing directory permissions." & vbcrlf & _
145.             xc.stderr.readall
146.         end if
147.       else
148.         wsh.echo "Failed on renaming directory." & vbcrlf & err.description
149.       end if
150.       if err.number <> 0 then fs.movefolder dir & rn & "\" & dn, dir
151.     else
152.       wsh.echo "Failed on moving directory." & vbcrlf & err.description
153.     end if
154.     if e <> 0 then fs.deletefolder dir & rn
155.   else
156.     wsh.echo "Failed on creating directory." & vbcrlf & err.description
157.   end if
158.   if e = 0 then
159.     wsh.echo """" & dir & """ directory has been protected." & vbcrlf & _
160.       "Use below shortcut file to access the protected directory." & _
161.       vbcrlf & vbcrlf & "  " & fs.getfile(lkp).path
162.   else
163.     fs.deletefile lkp
164.     wsh.quit 3
165.   end if
166. else
167.   if sec = "" then
168.     wsh.echo "Specified directory is not a protected directory."
169.     wsh.quit 2
170.   end if
171.   set xc = ws.exec("icacls.exe """ & dir & """ /remove:d " & u)
172.   xc.stdout.readall
173.   do while xc.status = 0
174.     wsh.sleep 20
175.   loop
176.   if xc.exitcode <> 0 then
177.     wsh.echo "Failed on changing directory permissions." & vbcrlf & _
178.       xc.stderr.readall
179.     wsh.quit 3
180.   end if
181.   if not fs.folderexists(dir & "\" & dn) then
182.     set xc = ws.exec("icacls.exe """ & dir & """ /deny " & _
183.       ws.environment("process")("username") & ":d")
184.     xc.stdout.readall
185.     do while xc.status = 0
186.       wsh.sleep 20
187.     loop
188.     wsh.echo "Specified directory is not a protected directory."
189.     wsh.quit 2
190.   end if
191.   if fs.fileexists(lkp) then fs.deletefile lkp
192.   fs.movefolder dir, dir & rn
193.   fs.movefolder dir & rn & "\" & dn, dir
194.   fs.deletefolder dir & rn
195.   wsh.echo """" & dir & """ directory protection has been removed."
196. end if
197.