bryan oakley-wiggins
asked on
Give AD user Full Control over a file - Powershell and .CSV
Hi
*** Environment***
Windows 2003 AD
Hi
I am looking for a way, in powershell to have some columns in .csv and then run permissioning on files to give full control:
I.e
ColumnA | ColumnB | Action
File1 | User1 | Give full control to user on file in ColumnA
File2 | User2 | Give full control to user on file in ColumnA
File3 | User3 | Give full control to user on file in ColumnA
File4 | User4 | Give full control to user on file in ColumnA
File5 | User5 | Give full control to user on file in ColumnA
All files will be in one (1) directory only.
I hope this makes sense?
I had a similar request earlier, resolve by Chris-Dent (massive thaks Chris..!) whereby I would have a column with security groups and a column with users and then the users would be added to the groups when I run the script...
************************** ********** ********** ********** ********** ********** ********** ********** ********** **
ForEach ($Entry in (Import-CSV "c:\scripts\test_data\imp2 .csv")) {
($Entry.ColumnB).Split(";" ) | %{ Add-QADGroupMember $Entry.ColumnA -Member $_ }
}
************************** ********** ********** ********** ********** ********** ********** ********** ********** *
I would like to get something that is similar or as straight forward...
I hope my request makes sense...
In summary, I am just trying to give full control to a .pst file for a user in AD without moving the .pst to any home folder etc and on a multiple scale > 600 pst's and 600 users (1-2-1)
Cheers
Bry
*** Environment***
Windows 2003 AD
Hi
I am looking for a way, in powershell to have some columns in .csv and then run permissioning on files to give full control:
I.e
ColumnA | ColumnB | Action
File1 | User1 | Give full control to user on file in ColumnA
File2 | User2 | Give full control to user on file in ColumnA
File3 | User3 | Give full control to user on file in ColumnA
File4 | User4 | Give full control to user on file in ColumnA
File5 | User5 | Give full control to user on file in ColumnA
All files will be in one (1) directory only.
I hope this makes sense?
I had a similar request earlier, resolve by Chris-Dent (massive thaks Chris..!) whereby I would have a column with security groups and a column with users and then the users would be added to the groups when I run the script...
**************************
ForEach ($Entry in (Import-CSV "c:\scripts\test_data\imp2
($Entry.ColumnB).Split(";"
}
**************************
I would like to get something that is similar or as straight forward...
I hope my request makes sense...
In summary, I am just trying to give full control to a .pst file for a user in AD without moving the .pst to any home folder etc and on a multiple scale > 600 pst's and 600 users (1-2-1)
Cheers
Bry
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Did you need it to catch errors? At the moment it'll throw a big red message to the PowerShell prompt if it has a problem.
Otherwise success can be assumed :) It's still possible to log things, just depends on what you'd like to see in a log file.
Chris
ASKER
Hi Chris
I was just maybe looking to out-file (or something) the files actioned.. Not errors, per se...
It's great as it is though, I am happy with assuming success if I do not see any red errors in the prompt :-)
Thanks again Chris, you are awesome..! I am really going to knuckle down and get a great grip on learning powershell - Do you have any tips on fgood books/articles to begin learning powershell?
I will accept the answer shortly..
also, you've really helpded me out on these couple of scripts and points almost seem to little a way to say thanks..!
maybe if you support a charity or something, I could make a small donation or something? if not, just please accept my sincerest thanks for your help..!
Cheers
Bry
I was just maybe looking to out-file (or something) the files actioned.. Not errors, per se...
It's great as it is though, I am happy with assuming success if I do not see any red errors in the prompt :-)
Thanks again Chris, you are awesome..! I am really going to knuckle down and get a great grip on learning powershell - Do you have any tips on fgood books/articles to begin learning powershell?
I will accept the answer shortly..
also, you've really helpded me out on these couple of scripts and points almost seem to little a way to say thanks..!
maybe if you support a charity or something, I could make a small donation or something? if not, just please accept my sincerest thanks for your help..!
Cheers
Bry
ASKER
bang-on..!
Thanks so much Chris-Dent.
Cheers
Bry
Thanks so much Chris-Dent.
Cheers
Bry
Sorry for the delay getting back to you, I was on holiday for a few days.
Anyway... first things first, making the script say what it's up to. I've added a couple of lines with options there. Since we're not controlling errors I don't see there's a lot to gain by writing a running status, if we were watching for errors then I would have that, makes it quite complex though.
> Do you have any tips on fgood books/articles to begin learning powershell?
I'm rubbish at answering questions like that. I tend to explore / play / prod rather than reading to get to grips with it all. Anything I read tends to focus on the minutia rather than the fundamentals of the language. Besides, I had a head start, I'd been doing fairly serious scripting with VbScript for a number of years prior to learning PowerShell.
Fortunately... Brandon has far better pointers for anyone starting out (lots of links and a few book recommendations) in his profile here:
https://www.experts-exchange.com/M_4238767.html
Much more useful :)
Chris
$DomainName = "YourDomain"
$BasePath = "C:\SomeFolder\"
Import-CSV "List.csv" | %{
# Just echoing a line
Write-Host "$($_.ColumnA): Adding FullControl for $($_.ColumnB)"
# Appending to a Text File
"$($_.ColumnA): Adding FullControl for $($_.ColumnB)" >> "LogFile.log"
$ACL = Get-ACL "$BasePath\$($_.ColumnA)"
$AccessRule = New-Object `
System.Security.AccessControl.FileSystemAccessRule(`
"$DomainName\$($_.ColumnB)", `
"FullControl", `
"Allow")
$ACL.AddAccessRule($AccessRule)
Set-ACL "$BasePath\$($_.ColumnA)" -AclObject $ACL
}
ASKER
Chuffed you picked this one up as well..! Thanks buddy.
Ok - I checked import-csv and all looks good that end and the script works like a dream..!
wow, you truly are extremely switched on...
Would it be easy to output all the actions to a logfile, so that I can effectively get a status report on the files permissioned?
No worries if not, this has answered my question and I will accept of course.
thanks again Chris, I genuinely really appreciate the help you have given..!
Cheers
Bry