Powershell Script request: remove folder security inheritance
"users" folder on specific server share. Random number of folders setup incorrectly up to two years ago, searching row by row too time consuming for 500+ users so I'm looking for a script that still stop inheritance and manually change a couple of the security entries.
Namely removing inheritance, adding the folders owner with full control (if they do not already exist), also removing "Authenticated Users" and/or "jak-2k3-mss/users" if they exist.
So folder named "Bsmith" current Security tab:
Administrators - Full
Authenticate Users - Modify
Domain Admins - Full
Backup Exec - Full
System - Full
Users - Modify
Changed to:
Administrator - Full
Domain Admins - Full
Backup Exec - Full
System - Full
Bsmith - Full (bsmith is also the folder name per login script if that helps)
The login script right now checks for the existence of a folder that matches the username, if none it creates one.
The folder creation part of the login script:
I include that in case I've got something wrong or if there's a variable I can add that will add the user with full control during creation time.
Namely removing inheritance, adding the folders owner with full control (if they do not already exist), also removing "Authenticated Users" and/or "jak-2k3-mss/users" if they exist.
So folder named "Bsmith" current Security tab:
Administrators - Full
Authenticate Users - Modify
Domain Admins - Full
Backup Exec - Full
System - Full
Users - Modify
Changed to:
Administrator - Full
Domain Admins - Full
Backup Exec - Full
System - Full
Bsmith - Full (bsmith is also the folder name per login script if that helps)
The login script right now checks for the existence of a folder that matches the username, if none it creates one.
The folder creation part of the login script:
Sub CheckForUserFolder(UserName)
On Error Resume Next
Dim ObjFSO
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
If Not(ObjFSO.FolderExists("\\jak-2k3-mss\users\" & UserName)) Then
Set newfolder = ObjFSO.CreateFolder("\\jak-2k3-mss\Users\" & UserName)
End If
End Sub
I include that in case I've got something wrong or if there's a variable I can add that will add the user with full control during creation time.
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks alot Chris and soostibi..
Chris; You kinda lost me on a template ACL. I remember those from the Win2k days but they were system security template. Not sure how to go about creating and using one with regards to shared folders.
Soostibi, thanks Im about to setup some testing folders and give your script a whirl.
Chris; You kinda lost me on a template ACL. I remember those from the Win2k days but they were system security template. Not sure how to go about creating and using one with regards to shared folders.
Soostibi, thanks Im about to setup some testing folders and give your script a whirl.
Windows Server 2008
Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Chris