TonyElam
powershell ftp directory creation

I have a PowerShell script that creates a directory based on input from the user.  The beginning of the script uses a Read-Host to assign a directory name to "$AccountName".  This is the portion of the code that I am using to assign permissions to the created directory:
#       ---Set Permissions on Folder
 
"Setting Permissions on E:\SecureFtpSite\Support\$AccountName"
 
$colRights = [System.Security.AccessControl.FileSystemRights]"Modify"
$Inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$Propagate = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$User = New-Object System.Security.Principal.NTAccount("$Computer\$AccountName")
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $colRights , $Inherit, $Propagate, $objType)

$objACL = Get-Acl "E:\SecureFtpSite\Support\$AccountName"
$objACL.AddAccessRule($objACE)
 
Set-Acl "E:\SecureFtpSite\Support\$AccountName" $objACL
 
Start-Sleep -Seconds 5
 
"Permissions Successfully Applied!"

Here is my issue.  The created account is in the FTP Users group for the site, and every account created has permission to list in every directory created.  I would like to restrict created accounts to only be able to view directories that are created for the specific account.  Here is the code in its entirety.  Everything is working with the exception of the granular level of permissions I require.  Any help would be appreciated.

### PowerShell Script
### Create local User Account

$AccountName = Read-Host "Please enter user account name (i.e. krisp)"
$FullName    = Read-Host "Please enter the full name (i.e. Kris)"
$Description = Read-Host "Please enter the description (i.e. Krisp FTP Login)"
# Prompt without echoing the password to the console. ADSI SetPassword needs the
# plain string, so it is unwrapped just before use and the BSTR is zeroed afterwards.
$SecurePassword = Read-Host "Please enter a password" -AsSecureString
$Computer = "MYFTPSERVER"

"Creating user on $Computer"

# Bind to the local SAM of the server through the ADSI WinNT provider
$Container = [ADSI] "WinNT://$Computer"

# Create User
$objUser = $Container.Create("user", $AccountName)
$objUser.Put("Fullname", $FullName)
$objUser.Put("Description", $Description)

# Set Password
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
$objUser.SetPassword([Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr))
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# Save Changes
$objUser.SetInfo()

# Add User Flags
# The numbers are bitwise - 65536 is Password Never Expires ; 64 is User Cannot Change Password.
# OR them into the flags the account already has so that ADS_UF_NORMAL_ACCOUNT (512) is not dropped.
$objUser.userflags = $objUser.userflags.Value -bor 65536 -bor 64
$objUser.SetInfo()

"User $AccountName created!"
" ------------------------"


#       ---Create FTP local directory---

"Creating directory E:\SecureFtpSite\Support\$AccountName"

New-Item "E:\SecureFtpSite\Support\$AccountName" -ItemType Directory | Out-Null
Start-Sleep -Seconds 5
"Directory $AccountName created!"
" ------------------------"


#       ---Set Permissions on Folder

"Setting Permissions on E:\SecureFtpSite\Support\$AccountName"

# One Allow ACE: Modify for the new account, inherited by subfolders and files
$colRights = [System.Security.AccessControl.FileSystemRights]"Modify"
$Inherit   = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$Propagate = [System.Security.AccessControl.PropagationFlags]::None
$objType   = [System.Security.AccessControl.AccessControlType]::Allow
$User      = New-Object System.Security.Principal.NTAccount("$Computer\$AccountName")
$objACE    = New-Object System.Security.AccessControl.FileSystemAccessRule($User, $colRights, $Inherit, $Propagate, $objType)

# This only ADDS the account's ACE. Every ACE already on the folder, including whatever
# grants the "FTP Users" group list access, stays in place.
$objACL = Get-Acl "E:\SecureFtpSite\Support\$AccountName"
$objACL.AddAccessRule($objACE)

Set-Acl "E:\SecureFtpSite\Support\$AccountName" $objACL

Start-Sleep -Seconds 5

"Permissions Successfully Applied!"
" ------------------------"

#       ---Add User to FTP Users Local Group

"Adding User to FTP Users Group"

$group = [ADSI]"WinNT://$Computer/FTP Users"
$group.Add("WinNT://$Computer/$AccountName")

"User Added!"
"-------------------------"


Bryan Butler

To be clear please confirm:

1. User creates directory with FTP
2. User can view the directory and all other directories
3. You want the user to only be able to view the directories she/he creates

Eh?  Or is there a "specific account" that has the folder access specified, and a given user can access only those folders?  
TonyElam
ASKER
Yes, we want the user to only be able to view the directory he/she creates.
Is the "Everyone" group in the security settings for the created folders?  If so, try removing it.
Since we are assigning permissions by creating a specific user and then assigning that user Modify permission to the folder, I need to remove the FTP Users group from the permissions on the folder.
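A check that goes with the comment above, as an added example that is not code from the thread: it walks every per-account folder under the Support root and reports any entry that lets someone other than that account, Administrators or SYSTEM in, and any folder that still inherits from the parent (which is how a group grant on Support reaches the account folders). The root path and computer name come from the question, and the script relies on the original's convention that the folder name is the account name; the function name Test-FtpFolderAcl and the list of always-allowed principals are assumptions.

```powershell
# Added audit check, not part of the original thread. Assumes the question's layout
# (one folder per local account under E:\SecureFtpSite\Support on MYFTPSERVER).
$Computer      = "MYFTPSERVER"
$Root          = "E:\SecureFtpSite\Support"
# Principals allowed on every account folder besides the account itself (assumption)
$AlwaysAllowed = @("BUILTIN\Administrators", "NT AUTHORITY\SYSTEM")

function Test-FtpFolderAcl {
    param([System.IO.DirectoryInfo]$Folder)

    $acl      = Get-Acl -Path $Folder.FullName
    $expected = "$Computer\$($Folder.Name)"   # folder name doubles as the account name
    $problems = @()

    # Inherited ACEs mean the parent's grants (e.g. to "FTP Users") still apply here
    if (-not $acl.AreAccessRulesProtected) {
        $problems += "inheritance enabled; parent ACEs flow down"
    }

    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        if ($who -eq $expected -or $AlwaysAllowed -contains $who) { continue }
        if ($ace.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow) {
            $src = if ($ace.IsInherited) { "inherited" } else { "explicit" }
            $problems += "$who has $($ace.FileSystemRights) ($src)"
        }
    }

    New-Object PSObject -Property @{
        Folder   = $Folder.FullName
        Account  = $expected
        Problems = $problems
    }
}

# PSIsContainer rather than -Directory so this also runs on older PowerShell versions
$results = Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } |
           ForEach-Object { Test-FtpFolderAcl -Folder $_ }

foreach ($r in $results) {
    if ($r.Problems.Count -gt 0) {
        Write-Warning ("{0} ({1}): {2}" -f $r.Folder, $r.Account, ($r.Problems -join "; "))
    } else {
        "OK  $($r.Folder)"
    }
}
```

Run it once before changing anything to see which folders the group can currently list, and again afterwards; a clean run prints only OK lines. Anything it flags as "inherited" is coming from E:\SecureFtpSite\Support and will reappear on every new folder until inheritance is broken or the parent entry is scoped to "This folder only".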
ASKER CERTIFIED SOLUTION
TonyElam
This solution is only available to members.
BINGO!  Good job - the points are yours.
Thank you for your help in this matter.  Your responses were constructive and timely :)
The commands to set permissions were discovered by my own research.