Ben Hart
asked on
PowerShell script request: remove folder security inheritance
"users" folder on specific server share. Random number of folders set up incorrectly up to two years ago; searching row by row is too time-consuming for 500+ users, so I'm looking for a script that will stop inheritance and manually change a couple of the security entries.
Namely removing inheritance, adding the folder's owner with full control (if they do not already exist), also removing "Authenticated Users" and/or "jak-2k3-mss/users" if they exist.
So folder named "Bsmith" current Security tab:
Administrators - Full
Authenticated Users - Modify
Domain Admins - Full
Backup Exec - Full
System - Full
Users - Modify
Changed to:
Administrator - Full
Domain Admins - Full
Backup Exec - Full
System - Full
Bsmith - Full (bsmith is also the folder name per login script if that helps)
The login script right now checks for the existence of a folder that matches the username, if none it creates one.
The folder creation part of the login script:
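Sub CheckForUserFolder(UserName)
    ' Create the user's home folder on the share if it does not exist yet.
    On Error Resume Next   ' a failed create must not abort the login script
    Dim ObjFSO, HomePath
    Set ObjFSO = CreateObject("Scripting.FileSystemObject")
    HomePath = "\\jak-2k3-mss\users\" & UserName
    If Not ObjFSO.FolderExists(HomePath) Then
        ' The new folder inherits the permissions of the parent share folder.
        ObjFSO.CreateFolder HomePath
    End If
End Sub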
I include that in case I've got something wrong or if there's a variable I can add that will add the user with full control during creation time.
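One way to script the change requested above, as an added example that is not part of the original thread or its accepted solution. The function name Repair-HomeFolderAcl and the domain CONTOSO are hypothetical placeholders, and the two well-known SIDs are assumed to correspond to "Authenticated Users" and the server's local Users group shown as "jak-2k3-mss/users".

```powershell
# Added example, not from the thread. Repair-HomeFolderAcl and CONTOSO are hypothetical names.
function Repair-HomeFolderAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Root   = '\\jak-2k3-mss\users',  # share from the question
        [string]$Domain = 'CONTOSO'               # assumption: NetBIOS domain of the user accounts
    )
    # Well-known SIDs: Authenticated Users, and the server's local Users group
    # (assumed to be what the Security tab shows as jak-2k3-mss\Users).
    $unwanted = 'S-1-5-11', 'S-1-5-32-545'

    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        # Folder name is the logon name; skip folders with no matching account.
        $account = New-Object System.Security.Principal.NTAccount($Domain, $dir.Name)
        try   { $null = $account.Translate([System.Security.Principal.SecurityIdentifier]) }
        catch { Write-Warning "No account for '$($dir.Name)', skipped"; continue }

        # Pass 1: stop inheritance, keeping the inherited entries as explicit copies.
        # The copies only become editable after the ACL is written and read back.
        $acl = Get-Acl -LiteralPath $dir.FullName
        if (-not $acl.AreAccessRulesProtected) {
            $acl.SetAccessRuleProtection($true, $true)
            Set-Acl -LiteralPath $dir.FullName -AclObject $acl
            $acl = Get-Acl -LiteralPath $dir.FullName
        }

        # Pass 2: drop the broad groups, then set (add or replace) the user's Full Control entry.
        foreach ($sid in $unwanted) {
            $acl.PurgeAccessRules([System.Security.Principal.SecurityIdentifier]$sid)
        }
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $account, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.SetAccessRule($rule)
        Set-Acl -LiteralPath $dir.FullName -AclObject $acl
    }
}

# Dry run against a test copy first; remove -WhatIf to write the changes.
Repair-HomeFolderAcl -Root '\\jak-2k3-mss\users' -WhatIf
```

Run it from an account that administers the file server, since Set-Acl writes the whole security descriptor. Entries for Administrators, Domain Admins, Backup Exec and System are left untouched because only the two listed SIDs are purged.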
ASKER
Thanks a lot Chris and soostibi.
Chris; You kinda lost me on a template ACL. I remember those from the Win2k days but they were system security templates. Not sure how to go about creating and using one with regards to shared folders.
Soostibi, thanks, I'm about to set up some testing folders and give your script a whirl.
Chris