Give AD user Full Control over a file - Powershell and .CSV

Hi

*** Environment***
Windows 2003 AD

Hi

I am looking for a way, in powershell to have some columns in .csv and then run permissioning on files to give full control:
I.e
ColumnA   |  ColumnB   | Action
File1          |  User1       |  Give full control to user on file in ColumnA
File2          |  User2       |  Give full control to user on file in ColumnA
File3          |  User3       |  Give full control to user on file in ColumnA
File4          |  User4       |  Give full control to user on file in ColumnA
File5          |  User5       |  Give full control to user on file in ColumnA

All files will be in one (1) directory only.
I hope this makes sense?

I had a similar request earlier, resolve by Chris-Dent (massive thaks Chris..!) whereby I would have a column with security groups and a column with users and then the users would be added to the groups when I run the script...

************************************************************************************************************
ForEach ($Entry in (Import-CSV "c:\scripts\test_data\imp2.csv")) {
  ($Entry.ColumnB).Split(";") | %{ Add-QADGroupMember $Entry.ColumnA -Member $_ }
}
***********************************************************************************************************
I would like to get something that is similar or as straight forward...
I hope my request makes sense...

In summary, I am just trying to give full control to a .pst file for a user in AD without moving the .pst to any home folder etc and on a multiple scale > 600 pst's and 600 users (1-2-1)

Cheers
Bry
bryan oakley-wigginsSenior Cloud EngineerAsked:
Who is Participating?
 
Chris DentPowerShell DeveloperCommented:

It's a bit more complex as you have to mess with Security Descriptors. Not too bad though :)

Chris
$DomainName = "YourDomain"
$BasePath = "C:\SomeFolder\"
Import-CSV "List.csv" | %{
  $ACL = Get-ACL "$BasePath\$($_.ColumnA)"
 
  $AccessRule = New-Object `
    System.Security.AccessControl.FileSystemAccessRule(`
      "$DomainName\$($_.ColumnB)", `
      "FullControl", `
      "Allow")
 
  $ACL.AddAccessRule($AccessRule)
 
  Set-ACL "$BasePath\$($_.ColumnA)" -AclObject $ACL
}

Open in new window

0
 
bryan oakley-wigginsSenior Cloud EngineerAuthor Commented:
Hey - Hi Chris

Chuffed you picked this one up as well..! Thanks buddy.
Ok - I checked import-csv and all looks good that end and the script works like a dream..!

wow, you truly are extremely switched on...

Would it be easy to output all the actions to a logfile, so that I can effectively get a status report on the files permissioned?

No worries if not, this has answered my question and I will accept of course.
thanks again Chris, I genuinely really appreciate the help you have given..!

Cheers
Bry


0
 
Chris DentPowerShell DeveloperCommented:

Did you need it to catch errors? At the moment it'll throw a big red message to the PowerShell prompt if it has a problem.

Otherwise success can be assumed :) It's still possible to log things, just depends on what you'd like to see in a log file.

Chris
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
bryan oakley-wigginsSenior Cloud EngineerAuthor Commented:
Hi Chris

I was just maybe looking to out-file (or something) the files actioned.. Not errors, per se...
It's great as it is though, I am happy with assuming success if I do not see any red errors in the prompt :-)

Thanks again Chris, you are awesome..! I am really going to knuckle down and get a great grip on learning powershell - Do you have any tips on fgood books/articles to begin learning powershell?

I will accept the answer shortly..
also, you've really helpded me out on these couple of scripts and points almost seem to little a way to say thanks..!

maybe if you support a charity or something, I could make a small donation or something? if not, just please accept my sincerest thanks for your help..!

Cheers
Bry
0
 
bryan oakley-wigginsSenior Cloud EngineerAuthor Commented:
bang-on..!

Thanks so much Chris-Dent.

Cheers
Bry
0
 
Chris DentPowerShell DeveloperCommented:

Sorry for the delay getting back to you, I was on holiday for a few days.

Anyway... first things first, making the script say what it's up to. I've added a couple of lines with options there. Since we're not controlling errors I don't see there's a lot to gain by writing a running status, if we were watching for errors then I would have that, makes it quite complex though.

> Do you have any tips on fgood books/articles to begin learning powershell?

I'm rubbish at answering questions like that. I tend to explore / play / prod rather than reading to get to grips with it all. Anything I read tends to focus on the minutia rather than the fundamentals of the language. Besides, I had a head start, I'd been doing fairly serious scripting with VbScript for a number of years prior to learning PowerShell.

Fortunately... Brandon has far better pointers for anyone starting out (lots of links and a few book recommendations) in his profile here:

http://www.experts-exchange.com/M_4238767.html

Much more useful :)

Chris
$DomainName = "YourDomain"
$BasePath = "C:\SomeFolder\"
Import-CSV "List.csv" | %{
  # Just echoing a line
  Write-Host "$($_.ColumnA): Adding FullControl for $($_.ColumnB)"
  # Appending to a Text File
  "$($_.ColumnA): Adding FullControl for $($_.ColumnB)" >> "LogFile.log"
 
  $ACL = Get-ACL "$BasePath\$($_.ColumnA)"
 
  $AccessRule = New-Object `
    System.Security.AccessControl.FileSystemAccessRule(`
      "$DomainName\$($_.ColumnB)", `
      "FullControl", `
      "Allow")
 
  $ACL.AddAccessRule($AccessRule)
 
  Set-ACL "$BasePath\$($_.ColumnA)" -AclObject $ACL
}

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.