Solved

set permissions script

Posted on 2012-03-26
10
501 Views
Last Modified: 2012-06-21
I am running Server 2008R2 with windows 7 clients.
I need to run a script from a GPO to do the following:

Check if C:\update\alldone.txt exists if so script the end (using as a kind of runonce)
Change permissions on a folder located in C:\Users\Default\folder1 from everyone read to everyone full control
Delete a file called appk.ini contained in the folder
Create a text file called alldone.txt in C:\update

I have a basic knowledge of powershell and can do most of the above with a .bat  file but really wanted to use powershell as I am trying to move away from bat files
0
Comment
Question by:Dead_Eyes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 42

Expert Comment

by:sedgwick
ID: 37766248
change the "username" parameter passed to filesystemaccessrule:


if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
	$Acl = Get-Acl "C:\Users\Default\folder1"
	$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("username","FullControl","Allow")
	$Acl.SetAccessRule($Ar)
	Set-Acl "C:\Users\Default\folder1" $Acl
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}

Open in new window

0
 
LVL 11

Expert Comment

by:Joe Klimis
ID: 37766311
Hi
I have tested this locally , buyt should work from Group policy

$basefolder = "c:\windows\temp"
$flagfile   = "C:\windows\temp\alldone.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile 

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37766697
Hi Sedgwick tried to run the script and got the following error, not sure what i did wrong I changed "username" parameter to everyone and changed the name of the file for testing

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
 this script can potentially harm your computer. Do you want to run
C:\testper.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r
Set-Acl : Attempted to perform an unauthorized operation.
At C:\testper.ps1:8 char:9
+     Set-Acl <<<<  "C:\Users\Default\folder1" $Acl
    + CategoryInfo          : PermissionDenied: (C:\Users\Default\folder1:Stri
   ng) [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetAclCommand



    Directory: C:\NSO


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        26/03/2012     16:50          0 Citrix.txt


PS C:\>
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 11

Expert Comment

by:Joe Klimis
ID: 37766824
Hi
Did you try my version of the script ?

Joe
0
 

Author Comment

by:Dead_Eyes
ID: 37766906
Just trying give me 20 mins its crazy at work 2day :(
0
 

Author Comment

by:Dead_Eyes
ID: 37766985
Hi Joe not sure I can ajust your script. trying to set the following things for a test

test file to delete: C:\users\default\folder1\appk.ini
file to check before to see if the scipt needs to be run: C:\nso\test.txt
folder to change permissions on: C:\users\default\folder1
0
 

Author Comment

by:Dead_Eyes
ID: 37767037
Tried the following alteration but its not doing anything or giving any error when running :(
$basefolder = "c:\users\default\folder1"
$flagfile   = "C:\NSO\test.txt"
$filematchString = ""



If ($flagfile) { Write-host "Quitting... Already Run" ; Break }

$PermsText = """$basefolder"" /grant Everyone`:(OI)(CI)F"
icacls $Permstext

if (test-path "$basefolder\appk.ini" )  {remove-item -path "$basefolder\appk.ini" -force}

"($(get-date)) All done" | out-file -append -encoding ascii $flagfile
0
 
LVL 11

Expert Comment

by:Joe Klimis
ID: 37768699
if the script did not report errors and run it should , have dont the following

checked it has not run using the flag file
changed the perms on basefolder
deleted any appk.ini files from the basefolder
created a flag file with a date stamp in it


please check to see if any of these happened ?

Joe
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 37770271
try the following:
if (Test-Path "C:\update\alldone.txt") {
	return
}
else { 
C:\WINDOWS\system32\icacls.exe "C:\Users\Default\folder1" /grant "Everyone:(OI)(CI)F"
	
	$inifile = "C:\Users\Default\folder1\appk.ini"
	if (Test-Path $inifile) {
		Remove-Item $inifile
	}
	
	New-Item "C:\update\alldone.txt" -type file
}
                                            

Open in new window

0
 

Author Comment

by:Dead_Eyes
ID: 37770630
Hi Sedgwick, thanks that did it :)
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question