Give AD user Full Control over a file - Powershell and .CSV

Hi

*** Environment***
Windows 2003 AD

Hi

I am looking for a way, in powershell to have some columns in .csv and then run permissioning on files to give full control:
I.e
ColumnA   |  ColumnB   | Action
File1          |  User1       |  Give full control to user on file in ColumnA
File2          |  User2       |  Give full control to user on file in ColumnA
File3          |  User3       |  Give full control to user on file in ColumnA
File4          |  User4       |  Give full control to user on file in ColumnA
File5          |  User5       |  Give full control to user on file in ColumnA

All files will be in one (1) directory only.
I hope this makes sense?

I had a similar request earlier, resolve by Chris-Dent (massive thaks Chris..!) whereby I would have a column with security groups and a column with users and then the users would be added to the groups when I run the script...

************************************************************************************************************
ForEach ($Entry in (Import-CSV "c:\scripts\test_data\imp2.csv")) {
  ($Entry.ColumnB).Split(";") | %{ Add-QADGroupMember $Entry.ColumnA -Member $_ }
}
***********************************************************************************************************
I would like to get something that is similar or as straight forward...
I hope my request makes sense...

In summary, I am just trying to give full control to a .pst file for a user in AD without moving the .pst to any home folder etc and on a multiple scale > 600 pst's and 600 users (1-2-1)

Cheers
Bry
bryan oakley-wigginsSenior Cloud EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

It's a bit more complex as you have to mess with Security Descriptors. Not too bad though :)

Chris
$DomainName = "YourDomain"
$BasePath = "C:\SomeFolder\"
Import-CSV "List.csv" | %{
  $ACL = Get-ACL "$BasePath\$($_.ColumnA)"
 
  $AccessRule = New-Object `
    System.Security.AccessControl.FileSystemAccessRule(`
      "$DomainName\$($_.ColumnB)", `
      "FullControl", `
      "Allow")
 
  $ACL.AddAccessRule($AccessRule)
 
  Set-ACL "$BasePath\$($_.ColumnA)" -AclObject $ACL
}

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bryan oakley-wigginsSenior Cloud EngineerAuthor Commented:
Hey - Hi Chris

Chuffed you picked this one up as well..! Thanks buddy.
Ok - I checked import-csv and all looks good that end and the script works like a dream..!

wow, you truly are extremely switched on...

Would it be easy to output all the actions to a logfile, so that I can effectively get a status report on the files permissioned?

No worries if not, this has answered my question and I will accept of course.
thanks again Chris, I genuinely really appreciate the help you have given..!

Cheers
Bry


0
Chris DentPowerShell DeveloperCommented:

Did you need it to catch errors? At the moment it'll throw a big red message to the PowerShell prompt if it has a problem.

Otherwise success can be assumed :) It's still possible to log things, just depends on what you'd like to see in a log file.

Chris
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

bryan oakley-wigginsSenior Cloud EngineerAuthor Commented:
Hi Chris

I was just maybe looking to out-file (or something) the files actioned.. Not errors, per se...
It's great as it is though, I am happy with assuming success if I do not see any red errors in the prompt :-)

Thanks again Chris, you are awesome..! I am really going to knuckle down and get a great grip on learning powershell - Do you have any tips on fgood books/articles to begin learning powershell?

I will accept the answer shortly..
also, you've really helpded me out on these couple of scripts and points almost seem to little a way to say thanks..!

maybe if you support a charity or something, I could make a small donation or something? if not, just please accept my sincerest thanks for your help..!

Cheers
Bry
0
bryan oakley-wigginsSenior Cloud EngineerAuthor Commented:
bang-on..!

Thanks so much Chris-Dent.

Cheers
Bry
0
Chris DentPowerShell DeveloperCommented:

Sorry for the delay getting back to you, I was on holiday for a few days.

Anyway... first things first, making the script say what it's up to. I've added a couple of lines with options there. Since we're not controlling errors I don't see there's a lot to gain by writing a running status, if we were watching for errors then I would have that, makes it quite complex though.

> Do you have any tips on fgood books/articles to begin learning powershell?

I'm rubbish at answering questions like that. I tend to explore / play / prod rather than reading to get to grips with it all. Anything I read tends to focus on the minutia rather than the fundamentals of the language. Besides, I had a head start, I'd been doing fairly serious scripting with VbScript for a number of years prior to learning PowerShell.

Fortunately... Brandon has far better pointers for anyone starting out (lots of links and a few book recommendations) in his profile here:

http://www.experts-exchange.com/M_4238767.html

Much more useful :)

Chris
$DomainName = "YourDomain"
$BasePath = "C:\SomeFolder\"
Import-CSV "List.csv" | %{
  # Just echoing a line
  Write-Host "$($_.ColumnA): Adding FullControl for $($_.ColumnB)"
  # Appending to a Text File
  "$($_.ColumnA): Adding FullControl for $($_.ColumnB)" >> "LogFile.log"
 
  $ACL = Get-ACL "$BasePath\$($_.ColumnA)"
 
  $AccessRule = New-Object `
    System.Security.AccessControl.FileSystemAccessRule(`
      "$DomainName\$($_.ColumnB)", `
      "FullControl", `
      "Allow")
 
  $ACL.AddAccessRule($AccessRule)
 
  Set-ACL "$BasePath\$($_.ColumnA)" -AclObject $ACL
}

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.