Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Script to change the permissions/owner of folders on a file server

Posted on 2009-05-01
Medium Priority
Last Modified: 2012-06-27
Due to a long standing practice of laziness when creating user accounts, my company is now left with over 2000 home directories with varying permission levels for various accounts. I've changed the policy on making users, but now I have to clean up the home directory permissions. Being that I've recently started learning (finally) Powershell, I figured I'd use that.

We have all of our home directories in one location, and all are named after the users username, as such:
I figure the easiest way to uniformly change them is to set the permissions of d:\home to the common permissions (Domain Admins: Full, BackupAccount:read, HelpdeskStaff:Change Permissions), then set the permissions on the users individual folders to allow them Change control. Seeing as the directory name always matches the username, I thought it would be fairly easy to use Powershell to grab all the directories, store them in an array, then pass the directory name to ICACLS.exe (I'd use the built in set-acl, but we also want to set the Owner, inheritance, etc... as well). The problem I'm having however, is getting the directory path into a format that works as the username.
I suspect the problem is the .SubString(3) will only work on strings, and I'm trying to use it on an object, but I can't find anything that'll convert the object into a string, or any similair functionality that'll work on an object.

Attached is the part of the script that's giving me fits. Any help appreciated!

$Foldername = Get-ChildItem * | Where-Object {$_.attributes -match "Directory"}
foreach ($Fullpath in $Foldername) {
$username = $Fullpath.SubString(3)
Write-Host $username

Open in new window

Question by:tilbard
LVL 71

Accepted Solution

Chris Dent earned 2000 total points
ID: 24279513

> then pass the directory name to ICACLS.exe

If you're using PowerShell you have Get-ACL and Set-ACL available. Given a choice I would use those over ICACLS. It can set the owner and do anything you like with inheritance.

Anyway, you probably want:

Get-ChildItem * | Where-Object {$_.attributes -match "Directory"} | %{
  $Username = $_.Name
  $FullPath = $_.FullName
  Write-Host $Username
  Write-Host $FullPath

The write-host statements are just to show you the values, wasn't quite sure which you wanted from the above.


Author Closing Comment

ID: 31576884
Perfect, exactly what I needed. Thanks!

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Loops Section Overview
Screencast - Getting to Know the Pipeline

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question