Solved

set permissions script

Posted on 2012-03-26
10
493 Views
Last Modified: 2012-06-21
I am running Server 2008R2 with windows 7 clients.
I need to run a script from a GPO to do the following:

Check if C:\update\alldone.txt exists if so script the end (using as a kind of runonce)
Change permissions on a folder located in C:\Users\Default\folder1 from everyone read to everyone full control
Delete a file called appk.ini contained in the folder
Create a text file called alldone.txt in C:\update

I have a basic knowledge of powershell and can do most of the above with a .bat  file but really wanted to use powershell as I am trying to move away from bat files
0
Comment
Question by:Dead_Eyes
  • 5
  • 3
  • 2
10 Comments
 
LVL 42

Expert Comment

by:sedgwick
ID: 37766248
change the "username" parameter passed to filesystemaccessrule:


if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
	$Acl = Get-Acl "C:\Users\Default\folder1"
	$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("username","FullControl","Allow")
	$Acl.SetAccessRule($Ar)
	Set-Acl "C:\Users\Default\folder1" $Acl
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}

Open in new window

0
 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37766311
Hi
I have tested this locally , buyt should work from Group policy

$basefolder = "c:\windows\temp"
$flagfile   = "C:\windows\temp\alldone.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile 

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37766697
Hi Sedgwick tried to run the script and got the following error, not sure what i did wrong I changed "username" parameter to everyone and changed the name of the file for testing

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
 this script can potentially harm your computer. Do you want to run
C:\testper.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r
Set-Acl : Attempted to perform an unauthorized operation.
At C:\testper.ps1:8 char:9
+     Set-Acl <<<<  "C:\Users\Default\folder1" $Acl
    + CategoryInfo          : PermissionDenied: (C:\Users\Default\folder1:Stri
   ng) [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetAclCommand



    Directory: C:\NSO


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        26/03/2012     16:50          0 Citrix.txt


PS C:\>
0
 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37766824
Hi
Did you try my version of the script ?

Joe
0
 

Author Comment

by:Dead_Eyes
ID: 37766906
Just trying give me 20 mins its crazy at work 2day :(
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Dead_Eyes
ID: 37766985
Hi Joe not sure I can ajust your script. trying to set the following things for a test

test file to delete: C:\users\default\folder1\appk.ini
file to check before to see if the scipt needs to be run: C:\nso\test.txt
folder to change permissions on: C:\users\default\folder1
0
 

Author Comment

by:Dead_Eyes
ID: 37767037
Tried the following alteration but its not doing anything or giving any error when running :(
$basefolder = "c:\users\default\folder1"
$flagfile   = "C:\NSO\test.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile
0
 
LVL 10

Expert Comment

by:JoeKlimis
ID: 37768699
if the script did not report errors and run it should , have dont the following

checked it has not run using the flag file
changed the perms on basefolder
deleted any appk.ini files from the basefolder
created a flag file with a date stamp in it


please check to see if any of these happened ?

Joe
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 37770271
try the following:
if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
C:\WINDOWS\system32\icacls.exe "C:\Users\Default\folder1" /grant "Everyone:(OI)(CI)F"
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}
                                            

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37770630
Hi Sedgwick, thanks that did it :)
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now