Assigning Disk Quotas by Group Membership

Script a quota management tool


One of the advantages of scripting is that it lets you make the OS work in ways that are technically possible but that the graphical tools don't support. For example, take disk quotas. Windows 2000 introduced disk quotas for NTFS volumes. This feature is great, except for one drawback: You assign disk quotas by username, not by group membership. This limitation complicates disk quota management—you need to create and delete quotas for individual users; you can't manage quotas for groups of users. If you have more than a few user accounts, managing them gets unwieldy. However, you can use scripting to get around this limitation.

The groupquota.vbs script I created for this task, which Listing 1 shows, creates disk quota entries for people according to their current group memberships. The tool is an improvement over the GUI but does have some limitations. For example, although the script works by querying current memberships, it can't reflect changes in the group population. If someone leaves or joins a group, the disk quotas in place won't automatically reflect the change. Although groupquota.vbs isn't a complex quota management tool, it does let you more easily manage Windows disk quotas by using only the tools in the box. In this issue, I show you how to perform an action on all members of a group, enable disk quotas for a machine, and apply new quota limits based on group membership.

Warning: If you enable and enforce a disk quota for someone who's already over quota for that disk, you'll prevent that user from writing to that disk at all—including temporary files. Be very careful how you use this script.

Specifying a Group and Enumerating Its Members
The first part of groupquota.vbs can apply to any action you want to perform on all members of a user group or of an Active Directory (AD) organizational unit (OU) or domain, if you choose to organize your groups that way. Many of the scripts I write for this column deal with user or computer accounts, so they wouldn't work well for this situation—we want to work with groups, not individuals. Also, I didn't want to run this script as a logon script; I wanted to set up disk space quotas for members of a group on a file server or other shared computer once, then forget it. Therefore, the script works by connecting to a certain group in a certain domain, then executing a set of statements on each member of that group.

I could have hard-coded the domain name and group name into the script, but that approach is awkward. Instead, I let the person who runs the script supply as arguments the group name and the drive letter for which he or she wants to set up quotas.

To launch the script, you need to open the command-shell window and run the command

groupquota.vbs group x:\

where group is the name of the group to which you want to connect and x is the drive letter that represents the disk to which you want to assign quotas. If your group name includes spaces, you must enclose it in quotation marks.

To retrieve the group name and drive letter, the script uses the Arguments property of the WScript object, which is Windows Script Host's (WSH) root object. The script then assigns those values to the sGroup and sDrive variables, respectively.

The script gets the domain name from the computer on which you're running the script. As the code at callout A in Listing 1 shows, the script creates an instance of WSH's WshNetwork object, then uses that object's UserDomain property to retrieve the domain name. Because you can use the disk quota object only on the local computer, not a remote computer, the script will provide the correct domain name.

Setting Up Disk Quotas
After you sort out the group memberships for the current user, you can apply the code for setting up the disk quotas. To work with any aspect of disk quotas—setting per-user quotas, enumerating quota properties, or even checking to see whether quotas are enabled—you use the DiskQuotaControl object to create a sort of prototype of a disk quota. After you have this generic disk quota, the DiskQuotaControl object's Initialize method lets you specify the disk to which you want to apply quotas and connect to that disk's quota system. (If you plan to set up quotas for more than one disk, you need to initialize the connection to each one individually. Windows manages quotas for each disk separately, and you can maintain a connection to only one drive letter at a time.) For example, if you enter a command-line argument of C:\, the code at callout B would initialize the connection to the C drive. The True value initializes the connection for read/write access.

Next, you need to enable disk quotas—they're disabled by default, which you can see by echoing the value of the DiskQuotaControl object's QuotaState property to the screen. Table 1 lists the possible values for the QuotaState property. To enable quotas and enforce the limits, set the value of QuotaState to 2, as the code at callout C shows.

While you're adjusting the default quota settings, you can also enable event logging for exceeded quotas or warning thresholds. Simply use the DiskQuotaControl object's LogQuotaLimit and LogQuotaThreshold properties, respectively.

Creating the Quota Entry
Creating the quota entry is a piece of cake. After initializing the connection with read/write access, groupquota.vbs uses the DiskQuotaControl object's AddUser method. As the code at callout D shows, this method needs only one argument: the username of the user to whom you're applying the quota. In this case, the sUsername variable contains the username. Then, the script finds the new user quota—yes, even though you just created the quota, you still have to find it—and sets a warning threshold and quota limit.

Extending the Script
Groupquota.vbs is a convenient, automated interface that lets you set up disk quotas for many users at one time, defined only by their group membership. This script is easily extendable. For example, you could extend this script to read the list of groups in the domain, then use VBScript's Select Case statement to create disk quotas for each group. Or, you could inventory system drives and set up quotas on more than one disk at a time. The main point is that you can use scripting to enable Windows to perform tasks—in this case, setting up disk quotas for groups—that aren't possible from the GUI.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.