Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
  • Last Modified:

set permissions script

I am running Server 2008R2 with windows 7 clients.
I need to run a script from a GPO to do the following:

Check if C:\update\alldone.txt exists if so script the end (using as a kind of runonce)
Change permissions on a folder located in C:\Users\Default\folder1 from everyone read to everyone full control
Delete a file called appk.ini contained in the folder
Create a text file called alldone.txt in C:\update

I have a basic knowledge of powershell and can do most of the above with a .bat  file but really wanted to use powershell as I am trying to move away from bat files
0
Dead_Eyes
Asked:
Dead_Eyes
  • 5
  • 3
  • 2
1 Solution
 
Meir RivkinFull stack Software EngineerCommented:
change the "username" parameter passed to filesystemaccessrule:


if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
	$Acl = Get-Acl "C:\Users\Default\folder1"
	$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("username","FullControl","Allow")
	$Acl.SetAccessRule($Ar)
	Set-Acl "C:\Users\Default\folder1" $Acl
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}

Open in new window

0
 
Joe KlimisCommented:
Hi
I have tested this locally , buyt should work from Group policy

$basefolder = "c:\windows\temp"
$flagfile   = "C:\windows\temp\alldone.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile 

Open in new window

0
 
Dead_EyesAuthor Commented:
Hi Sedgwick tried to run the script and got the following error, not sure what i did wrong I changed "username" parameter to everyone and changed the name of the file for testing

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
 this script can potentially harm your computer. Do you want to run
C:\testper.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r
Set-Acl : Attempted to perform an unauthorized operation.
At C:\testper.ps1:8 char:9
+     Set-Acl <<<<  "C:\Users\Default\folder1" $Acl
    + CategoryInfo          : PermissionDenied: (C:\Users\Default\folder1:Stri
   ng) [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetAclCommand



    Directory: C:\NSO


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        26/03/2012     16:50          0 Citrix.txt


PS C:\>
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Joe KlimisCommented:
Hi
Did you try my version of the script ?

Joe
0
 
Dead_EyesAuthor Commented:
Just trying give me 20 mins its crazy at work 2day :(
0
 
Dead_EyesAuthor Commented:
Hi Joe not sure I can ajust your script. trying to set the following things for a test

test file to delete: C:\users\default\folder1\appk.ini
file to check before to see if the scipt needs to be run: C:\nso\test.txt
folder to change permissions on: C:\users\default\folder1
0
 
Dead_EyesAuthor Commented:
Tried the following alteration but its not doing anything or giving any error when running :(
$basefolder = "c:\users\default\folder1"
$flagfile   = "C:\NSO\test.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile
0
 
Joe KlimisCommented:
if the script did not report errors and run it should , have dont the following

checked it has not run using the flag file
changed the perms on basefolder
deleted any appk.ini files from the basefolder
created a flag file with a date stamp in it


please check to see if any of these happened ?

Joe
0
 
Meir RivkinFull stack Software EngineerCommented:
try the following:
if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
C:\WINDOWS\system32\icacls.exe "C:\Users\Default\folder1" /grant "Everyone:(OI)(CI)F"
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}
                                            

Open in new window

0
 
Dead_EyesAuthor Commented:
Hi Sedgwick, thanks that did it :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now